Medical RecordsTechnology

Sutter Health HIPAA Breach: Lessons Learned

onlinetech
onlinetech
3 Min Read

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected.

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected. Sutter Health is a not-for-profit network of doctors, hospitals and care providers.

A couple key points and lessons learned are noted:

Encryption: the breach was a result of physical theft at the Sutter Medical Foundation’s administrative offices. A rock used to break the window allowed a thief to make off with an unencrypted desktop computer housing a patient database of information (although the company was in the process of encrypting their data at the time of theft, starting primarily with hand-held devices). Encryption is viewed as a common and recommended best practice in cases of sensitive data storage, and is a must for HIPAA covered entities.

More Read

Health Tablets in the Waiting Room Revolutionizing Telemedicine
RSNA 2013: What Did We Learn?
Could Underperforming EHRs Be Responsible for the Meaningful Use Dropout Rate?
Artificial Retina Approved for Sale in Europe
How a Well-Designed Doctor’s Office Could Help Patients

Data Storage: Keeping a large amount of protected health information (PHI) unencrypted and easily accessible on a desktop computer is not considered the most secure form of data storage. As I blogged about in early August (see 2011 HIPAA Violations infographic), HHS.gov records show the most common type of HIPAA violations by number of instances is due to physical theft (49 percent). Cloud computing, whether the private cloud or the managed cloud, can offer increased security with the use of firewalls, Intrusion Detection and Protection Systems (IDS/IPS), access authentication and more.

Patient notification: Although the data theft was stolen over the weekend of October 15, the patients and the public were not notifieduntil a month later (last Wednesday). In addition, according to ModernHealthCare.com, a Sutter Health spokeswoman is not planning to notify the 3.3 million affected patients directly, and some patients might not receive notice by mail until early next month.

Earlier this year, the TRICARE/SAIC HIPAA breach affected a record 4.9 million military patients of the San Antonio area – the stolen military backup tapes were also unencrypted.

HIPAA compliance is a result of a combination of technology, policies and procedures – if you’re uncertain about what HIPAA hosting for your protected health information (PHI) should entail, see our HIPAA FAQ for more answers.

Sutter Health: Stolen Computer Contained Info on 4.2 Million
Medical Record Theft at Sutter Health Part of Wider Problem

TAGGED:
Share This Article

Stay Connected

Latest News

men in white coat standing beside woman in white coat
Why Methylene Blue Has Grown in Popularity Across Europe
Mental Health
language barriers in healthcare
Language Barriers Are Most Underestimated Risk in Healthcare
Global Healthcare Policy & Law
nurse checking her schedule
Managing On-Call Lists for Healthcare Open Shifts
Health
outdoor yoga class in sunny park setting
Resveratrol Capsules VS Resveratrol Powder: Are There Differences?
Health

You Might also Like