Health Information Management

Sutter Health breach includes medical diagnoses

HIM-HIPAA Insider, November 29, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

On November 16, Sutter Health in Sacramento, CA, reported on its website the theft of an unencrypted desktop computer which contained the records for more than 4.2 million patients. The computer was taken from the health system’s administrative offices the weekend of October 15.

Sutter Health said 3.3 million patients seen from 1995 to January 2011 under its Sutter Physician Services (SPS) umbrella were included in the computer’s database, which held the following information:

• Name
• Address
• Date of birth
• Phone number
• E-mail address (if provided)
• Medical record number
• Name of the patient’s health insurance plan

SPS provides billing and managed care services for healthcare providers with which it contracts, including facilities within the Sutter Health network.

Further, the desktop computer held information on approximately 943,000 Sutter Medical Foundation (SMF) patients treated from January 2005 to January 2011, including dates of services and descriptions of medical diagnoses and/or procedures used for business operations.

Because the data of SMF patients was broader in scope, Sutter Medical Foundation has begun the process of notifying these patients by mail. Patients should receive letters no later than December 5.

Read more on the HIPAA Update blog.
 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular