By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Sutter Health HIPAA Breach: Lessons Learned
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > Sutter Health HIPAA Breach: Lessons Learned
Medical RecordsTechnology

Sutter Health HIPAA Breach: Lessons Learned

onlinetech
onlinetech
Share
3 Min Read
SHARE

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected.

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected. Sutter Health is a not-for-profit network of doctors, hospitals and care providers.

A couple key points and lessons learned are noted:

Encryption: the breach was a result of physical theft at the Sutter Medical Foundation’s administrative offices. A rock used to break the window allowed a thief to make off with an unencrypted desktop computer housing a patient database of information (although the company was in the process of encrypting their data at the time of theft, starting primarily with hand-held devices). Encryption is viewed as a common and recommended best practice in cases of sensitive data storage, and is a must for HIPAA covered entities.

More Read

telemedicine
Telemedicine Robots Let Doctors “Beam” into Hospitals
Social Media and Doctors: Q&A with Doximity CEO Jeff Tangney
What Does Telemedicine Mean for the Future of Affordable Healthcare?
Medical Device DTC Marketing: Digital Co-Marketing and the Power of the Referral (Part 3 of 4)
The Tools Helping Medical Researchers See the Full Picture

Data Storage: Keeping a large amount of protected health information (PHI) unencrypted and easily accessible on a desktop computer is not considered the most secure form of data storage. As I blogged about in early August (see 2011 HIPAA Violations infographic), HHS.gov records show the most common type of HIPAA violations by number of instances is due to physical theft (49 percent). Cloud computing, whether the private cloud or the managed cloud, can offer increased security with the use of firewalls, Intrusion Detection and Protection Systems (IDS/IPS), access authentication and more.

Patient notification: Although the data theft was stolen over the weekend of October 15, the patients and the public were not notifieduntil a month later (last Wednesday). In addition, according to ModernHealthCare.com, a Sutter Health spokeswoman is not planning to notify the 3.3 million affected patients directly, and some patients might not receive notice by mail until early next month.

Earlier this year, the TRICARE/SAIC HIPAA breach affected a record 4.9 million military patients of the San Antonio area – the stolen military backup tapes were also unencrypted.

HIPAA compliance is a result of a combination of technology, policies and procedures – if you’re uncertain about what HIPAA hosting for your protected health information (PHI) should entail, see our HIPAA FAQ for more answers.

Sutter Health: Stolen Computer Contained Info on 4.2 Million
Medical Record Theft at Sutter Health Part of Wider Problem

TAGGED:2011 HIPAA breachesHIPAA breachhipaa violationsutter health hipaa breach
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5KFollowersLike
4.5KFollowersFollow
2.8KFollowersPin
136KSubscribersSubscribe

Latest News

Florida Nurses Face Growing Licensing Risks: Understanding the Investigation Process and How to Protect Your Career
Florida Nurses Face Growing Licensing Risks: Understanding the Investigation Process and How to Protect Your Career
Nursing Policy & Law
July 2, 2026
Most Clinician Wellness Programs Are Built for a Schedule Nurses Don't Have
Most Clinician Wellness Programs Are Built for a Schedule Nurses Don’t Have
Career Nursing
July 2, 2026
Veneers vs. Crowns vs. Bonding: Understanding Cosmetic Options
Veneers vs. Crowns vs. Bonding: Understanding Cosmetic Options
Dental health Specialties
June 23, 2026
dental implants
Dental Implants and Quality of Life: What the Outcomes Data Shows
Dental health Specialties
June 23, 2026

You Might also Like

telehealth
eHealthMedical DevicesMobile HealthRemote DiagnosticsTechnology

Despite the Penalties, Physician Visit Innovation Is Progressing

February 25, 2014
patient documentation
Hospital AdministrationMedical RecordsTechnology

How to Train Your Dragon: Patient Documentation in the 21st Century

June 5, 2014
Dr Bones McCoy
BusinessMedical DevicesMedical InnovationsTechnology

The Real Medical Tricorder: When Science and Fiction Collide

March 11, 2014
DocResponse
DiagnosticseHealthMedical DevicesMedical InnovationsMobile HealthNewsRemote DiagnosticsTechnologyWellness

Healthcare Technology and the DocResponse Revolution – Meet Your New Best Friend in Healthcare

September 9, 2015
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2026 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?