Medical RecordsTechnology

Sutter Health HIPAA Breach: Lessons Learned

onlinetech
onlinetech
3 Min Read

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected.

The Sutter Health HIPAA breach of 3.3 million patient demographic data from 1995 to January 2011 was recently reported – and an additional 943,000 patients from the Sutter Medical Foundation were also affected (both demographic and medical diagnosis data). Twenty-one total healthcare providers were also affected. Sutter Health is a not-for-profit network of doctors, hospitals and care providers.

A couple key points and lessons learned are noted:

Encryption: the breach was a result of physical theft at the Sutter Medical Foundation’s administrative offices. A rock used to break the window allowed a thief to make off with an unencrypted desktop computer housing a patient database of information (although the company was in the process of encrypting their data at the time of theft, starting primarily with hand-held devices). Encryption is viewed as a common and recommended best practice in cases of sensitive data storage, and is a must for HIPAA covered entities.

More Read

Cell-tissue-applications
Applications, Global Markets in Tissue Engineering and Cell Therapy
How AI Detection Tools Are Transforming Healthcare for Better Accuracy and Safety
Sensors and Smartphones Bring the Baby Monitor Into 2013
Can “Portfolio Theory” Be Applied to NIH Funding Decisions?
What to Expect from a hair transplant procedure – steps, recovery and more

Data Storage: Keeping a large amount of protected health information (PHI) unencrypted and easily accessible on a desktop computer is not considered the most secure form of data storage. As I blogged about in early August (see 2011 HIPAA Violations infographic), HHS.gov records show the most common type of HIPAA violations by number of instances is due to physical theft (49 percent). Cloud computing, whether the private cloud or the managed cloud, can offer increased security with the use of firewalls, Intrusion Detection and Protection Systems (IDS/IPS), access authentication and more.

Patient notification: Although the data theft was stolen over the weekend of October 15, the patients and the public were not notifieduntil a month later (last Wednesday). In addition, according to ModernHealthCare.com, a Sutter Health spokeswoman is not planning to notify the 3.3 million affected patients directly, and some patients might not receive notice by mail until early next month.

Earlier this year, the TRICARE/SAIC HIPAA breach affected a record 4.9 million military patients of the San Antonio area – the stolen military backup tapes were also unencrypted.

HIPAA compliance is a result of a combination of technology, policies and procedures – if you’re uncertain about what HIPAA hosting for your protected health information (PHI) should entail, see our HIPAA FAQ for more answers.

Sutter Health: Stolen Computer Contained Info on 4.2 Million
Medical Record Theft at Sutter Health Part of Wider Problem

TAGGED:
Share This Article

Stay Connected

Latest News

health wellbeing Safe Home Heating for Vulnerable Populations: Children, Seniors, and Patients
Safe Home Heating for Vulnerable Populations: Children, Seniors, and Patients
Health
file a police report after a car accident
Can Filing a Police Report Help with Medical Bills?
Policy & Law
Slips and falls can happen in the blink of an eye, often in spaces we believe to be safe. A brief moment of misstep
When a Simple Fall Becomes a Serious Health Concern
Health
How Setting Boundaries Helps Trauma Survivors Heal
Health

You Might also Like