HHS site update reveals three previously unreported breaches
The most recent update of HHS’s breach tool website reveals three breaches we didn’t know about and one breach that had previously been reported in the media:
The Utah Department of Health recently reported the Utah Department of Workforce Services incident involving access to and disclosure of 1298 immigrants’ information. The incident was covered on databreaches.net and pogowasright.org back in July. I asked the state why the delayed notification to HHS and received the following statement by e-mail today:
The Utah Department of Health has worked closely with the Utah Department of Workforce Services to ensure proper notification regarding this incident and to ensure appropriate policies and procedures are in place to ensure the safeguarding of protected health information. Although it appears that the
collection of information may have begun as early as March 2010, the agencies were not aware of the breach until July 2010. The incident was covered heavily in local media and clients were sent notification regarding the potential disclosure of protected health information. It is unclear to what extent that the disclosed information came from protected health information or from other sources. Because the State has determined that the breach may have affected more than 500 individuals, it has filed its report. The Utah Attorney General’s Office is currently investigating this breach.
Cumberland Gastroenterology, P.S.C. in Kentucky recently notified HHS of an incident involving the theft of paper records containing protected health information of 2,207 patients. The theft reportedly occurred on Sept. 18. The practice does not seem to have a website, so further details are not available at this time unless someone submits a copy of any notification letter they received.
The LoneStar Audiology Group in Texas reports that a laptop stolen on August 11 contained the PHI for 585 patients. The practice does not seem to have a website, so further details are not available at this time unless someone submits a copy of any notification letter they received.
WESTMED Medical Group in New York also experienced a laptop theft in August. They report that 578 patients had PHI on the stolen device. I sent an e-mail inquiry to them but have yet to receive a response and do not see any statement on their website.