Medical RecordsTechnology

Sutter Health HIPAA Breach: Lessons Learned

onlinetech
onlinetech
3 Min Read

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected.

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected. Sutter Health is a not-for-profit network of doctors, hospitals and care providers.

A couple key points and lessons learned are noted:

Encryption: the breach was a result of physical theft at the Sutter Medical Foundation’s administrative offices. A rock used to break the window allowed a thief to make off with an unencrypted desktop computer housing a patient database of information (although the company was in the process of encrypting their data at the time of theft, starting primarily with hand-held devices). Encryption is viewed as a common and recommended best practice in cases of sensitive data storage, and is a must for HIPAA covered entities.

More Read

What Does The Future Of Healthcare Look Like?
The Future Of Technology Advances In Medicine
Potential Malaria Detection, Drug Sensitivity Handheld Testing Device on Indiegogo
Telehealth Chair Lets You Take Your Vitals While You Relax
Presentation on Meaningful Use and EMR in Research

Data Storage: Keeping a large amount of protected health information (PHI) unencrypted and easily accessible on a desktop computer is not considered the most secure form of data storage. As I blogged about in early August (see 2011 HIPAA Violations infographic), HHS.gov records show the most common type of HIPAA violations by number of instances is due to physical theft (49 percent). Cloud computing, whether the private cloud or the managed cloud, can offer increased security with the use of firewalls, Intrusion Detection and Protection Systems (IDS/IPS), access authentication and more.

Patient notification: Although the data theft was stolen over the weekend of October 15, the patients and the public were not notifieduntil a month later (last Wednesday). In addition, according to ModernHealthCare.com, a Sutter Health spokeswoman is not planning to notify the 3.3 million affected patients directly, and some patients might not receive notice by mail until early next month.

Earlier this year, the TRICARE/SAIC HIPAA breach affected a record 4.9 million military patients of the San Antonio area – the stolen military backup tapes were also unencrypted.

HIPAA compliance is a result of a combination of technology, policies and procedures – if you’re uncertain about what HIPAA hosting for your protected health information (PHI) should entail, see our HIPAA FAQ for more answers.

Sutter Health: Stolen Computer Contained Info on 4.2 Million
Medical Record Theft at Sutter Health Part of Wider Problem

TAGGED:
Share This Article

Stay Connected

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology

You Might also Like