Medical RecordsTechnology

Sutter Health HIPAA Breach: Lessons Learned

onlinetech
onlinetech
3 Min Read

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected.

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected. Sutter Health is a not-for-profit network of doctors, hospitals and care providers.

A couple key points and lessons learned are noted:

Encryption: the breach was a result of physical theft at the Sutter Medical Foundation’s administrative offices. A rock used to break the window allowed a thief to make off with an unencrypted desktop computer housing a patient database of information (although the company was in the process of encrypting their data at the time of theft, starting primarily with hand-held devices). Encryption is viewed as a common and recommended best practice in cases of sensitive data storage, and is a must for HIPAA covered entities.

More Read

healthcare technology
8 Reasons to Adopt Technology for Your Healthcare Practice
10 Essential Qualities Of A Virtual Medical Assistant
HINZ: Health IT in New Zealand
The Importance Of Medical Labels And Supplement Labels
Insurance Reimbursement is Key for Widespread Adoption of Focused Ultrasound

Data Storage: Keeping a large amount of protected health information (PHI) unencrypted and easily accessible on a desktop computer is not considered the most secure form of data storage. As I blogged about in early August (see 2011 HIPAA Violations infographic), HHS.gov records show the most common type of HIPAA violations by number of instances is due to physical theft (49 percent). Cloud computing, whether the private cloud or the managed cloud, can offer increased security with the use of firewalls, Intrusion Detection and Protection Systems (IDS/IPS), access authentication and more.

Patient notification: Although the data theft was stolen over the weekend of October 15, the patients and the public were not notifieduntil a month later (last Wednesday). In addition, according to ModernHealthCare.com, a Sutter Health spokeswoman is not planning to notify the 3.3 million affected patients directly, and some patients might not receive notice by mail until early next month.

Earlier this year, the TRICARE/SAIC HIPAA breach affected a record 4.9 million military patients of the San Antonio area – the stolen military backup tapes were also unencrypted.

HIPAA compliance is a result of a combination of technology, policies and procedures – if you’re uncertain about what HIPAA hosting for your protected health information (PHI) should entail, see our HIPAA FAQ for more answers.

Sutter Health: Stolen Computer Contained Info on 4.2 Million
Medical Record Theft at Sutter Health Part of Wider Problem

TAGGED:
Share This Article

Stay Connected

Latest News

cooling vests healthy workplace
How Cooling Vests Improve Health and Workplace Safety
Health Policy & Law
talk therapy
When Emotional Healing Requires Physical Awareness
Addiction Recovery Health
Career Mobility in the Modern Nursing
The Growing Importance of Career Mobility in the Modern Nursing Workforce
Career Nursing
advancement in nursing career
How Nursing Leadership Shapes Organizational Culture and Patient Outcomes
Global Healthcare Nursing

You Might also Like