HHS web site reveals three new breaches
Today’s update to the HHS breach tool web site records some breaches we already knew about but also some other breaches we did not know about through the usual media sources:
California Therapy Solutions in California reported that 1,226 patients had protected health information on a stolen device. The theft occurred on November 15. As of the time of this posting, there is no notice on their web site.
Osceola Medical Center in Wisconsin reported that a hack involving the server of Hils Transcription Service on November 25th exposed the protected health information of 500 patients. There is no statement on either web site at the time of this posting. Ironically, Hils’ site prominently states on its home page, “Our internet servers are secure and HIPAA compliant.” Hmmm.
The International Union of Operating Engineers Health and Welfare Fund in Maryland reported that papers containing PHI on 800 individuals were stolen from Zenith Administrators, Inc, its third party employee benefit program administrator, on November 3. I cannot find any press coverage or statements on either web site at this time.
Finally, as small notes/updates on previously reported breaches:
- The OhioHealth/Grant Medical Center breach reportedly affected 501 patients. Until now, we did not have a number for that one.
- The Centra breach was reported to HHS as affecting 11,982. According to HHS’s logs, the theft occurred on November 12.
Since the new reporting requirements of HITECH went into effect on September 23, 2009, HHS has recorded 225 breaches affecting 500 individuals or more. Breaches affecting fewer than 500 individuals are reported to HHS but not revealed on a public web site.