Oh, for the day when medical records were on paper. In the blink of an eye, now millions of electronic medical records can be ‘carried off’ to anywhere. This has become apparent in recent and repetitive reports of privacy and confidentiality breakdowns. Advocate Health reported an HIPAA breach recently, announcing that the theft occurred at one of its Advocate Medical Group administrative building in Park Ridge, Ill.
Oh, for the day when medical records were on paper. In the blink of an eye, now millions of electronic medical records can be ‘carried off’ to anywhere. This has become apparent in recent and repetitive reports of privacy and confidentiality breakdowns. Advocate Health reported an HIPAA breach recently, announcing that the theft occurred at one of its Advocate Medical Group administrative building in Park Ridge, Ill. on July 15. This breach stands as the second biggest HIPAA breach ever reported, according to HHS data – just behind the TRICARE Management Activity breach which impacted more than 4.9 million patients back in 2011.
In other words, one of the nation’s largest healthcare systems is notifying more than four million patients that their protected health information and Social Security numbers have been compromised after the theft of four unencrypted company computers.
Patient names, addresses, dates of birth, Social Security numbers and clinical information – including physician, medical diagnoses, medical record numbers and health insurance data — were all contained on the computers, officials say.
This is the second big HIPAA breach for Advocate Health System. In 2009, company officials notified 812 patients that their protected health information had been compromised following the theft of an employee’s unencrypted laptop.
Texas HIPAA blunder affects 277K
This time it was not an electronic medium that was breached. Texas Health Harris Methodist Fort Worth is notifying some 277,000 patients that their protected health information has been compromised after several hospital microfilms, which were supposed to be destroyed, were found in various public locations.
Texas Health Fort Worth had contracted with Toronto-based Shred-it to destroy the confidential patient information, but the microfilms were not actually destroyed, as had been agreed upon in the contract, officials say. Instead, a local resident found a portion of the microfiche in a nearby park in May. Additionally, three other sheets of microfiche were found in two other public areas.
The records on the microfiche contained patient names, addresses, dates of birth, medical record numbers, clinical information, health insurance information and in some cases Social Security numbers
These breaches are only two of many inadvertent breakdowns in health information security.
In 2011 a TRICAREManagement Activity breach impacted more than 4.9 million patients back in 2011, in which a Lost Military Backup Tapes Results in HIPAA Violation Affecting 4.9 Million. TRICARE, the Defense Department’s healthcare program, reported what may be the largest health information breach documented in HIPAA history since the HITECH Act was established in 2009. Nearly 4.9 million patients of San Antonio area military hospitals and clinics have been affected by the loss of data backup tapes. These tapes contained an archive of sensitive information dating from Sept. 7, 2011, back to 1992.
Vernon Guidry, a spokesman for Science Applications International (SAIC), the organization that reported the breach, has confirmed that it was “not an electronic breach” but “a loss of magnetic storage media.”
The Federal Office of Civil Rights administers HIPAA,and reports its findings here:
The breaches result in fines and penalties as well as civil damages for civil rights violations.
Apparently the federal government has interdepartmental conflict over legalities of sharing protected information.
As yet no one has addressed this issue with the Affordable Care Act in which it is proposed that the IRS administer and enforce the Individual and Employer Mandates.