Uncategorized

Lost Military Backup Tapes Results in HIPAA Violation Affecting 4.9 Million

onlinetech
onlinetech
3 Min Read

The most recent HIPAA violator appears to be a contractor for the Pentagon. TRICARE, the Defense Department’s healthcare program, reported what may be the largest health information breach documented in HIPAA history since the HITECH Act was established in 2009. Nearly 4.9 million patients of San Antonio area military hospitals and clinics have been affected by the loss of data backup tapes. These tapes contained an archive of sensitive information dating from Sept. 7, 2011, back to 1992.

The most recent HIPAA violator appears to be a contractor for the Pentagon. TRICARE, the Defense Department’s healthcare program, reported what may be the largest health information breach documented in HIPAA history since the HITECH Act was established in 2009. Nearly 4.9 million patients of San Antonio area military hospitals and clinics have been affected by the loss of data backup tapes. These tapes contained an archive of sensitive information dating from Sept. 7, 2011, back to 1992.

While an ongoing investigation takes place, the only details released include what kind of data lost (personally identifiable sensitive information and protected health information, including SSNs, names, addresses, clinical notes, lab tests and prescriptions), as well as the fact that the backup tapes were not encrypted. Although breaches of encrypted data do not have to be reported, it is still a recommended best practice for the minimum security to meet PCI and HIPAA compliance and protect patient data.

The exact cause of the loss has not been disclosed, and Vernon Guidry, a spokesman for Science Applications International (SAIC), the organization that reported the breach, has confirmed that it was “not an electronic breach” but “a loss of magnetic storage media.”

More Read

Total Cost of a HIPAA Violation: 18.5 Million
Preventing a HIPAA Violation in 2012
Cloud Computing in 2012: Ready for Enterprise?
HIPAA Hosting Q&A with a Certified HIPAA Practitioner & Security Specialist
New Health IT Events Calendar

Cases such as these present an opportunity for lessons learned – always go with encryption when it comes to storing or transmitting sensitive data, and when outsourcing your offsite backup and data storage to an IT contractor, make sure they have HIPAA/HITECH regulated policies and procedures in place.

Get more information about policies, procedures and audits a HIPAA compliant data center should have in place, or watch our previously recorded HIPAA webinar to hear our guest speaker Attorney Tatiana Melnik explain the legal implications of HITECH/HIPAA.

Sources:
TRICARE Breach Affects 4.9 Million
Official TRICARE Data Breach Statement
Data Breach Exposes 4.9 Million TRICARE Patients

  

TAGGED:
Share This Article

Stay Connected

Latest News

CRM Software for healthcare
A Beginner’s Guide to Medical CRM Software for Clinics, Medspas, and Telehealth
Global Healthcare Technology
The Evolving Role of Nurse Educators in Strengthening Clinical Workforce Readiness
Career Nursing
back health
The Quiet Strain: How Digital Habits Are Reshaping Back Health
Infographics
in-home care service
How to Choose the Best In-Home Care Service for Seniors with Limited Mobility
Senior Care Wellness

You Might also Like