Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society, presented results of a survey at an HHS-sponsored advisory panel on standards in November. Fifty-two percent of large hospitals, 33% of mid-sized hospitals and 25% of small hospitals surveyed reported experiencing a data breach in the past year…
In October and November, a slew of healthcare organizations announced patient data losses, including:
• Aurora St. Luke’s Medical Center: Over the weekend of Oct. 9-11, the office of hospitalists employed by Cogent Healthcare was burglarized in a building adjacent to Aurora St. Luke’s in Milwaukee, according to hospital spokesman Adam Beeson. Taken was a laptop computer with billing information on 6,400 people, mostly Aurora hospital inpatients, that included in almost all cases, names and diagnoses, and in some cases addresses, medical record numbers and Social Security numbers, Beeson said.
• Blue Cross Blue Shield of Tennessee: In its Chattanooga office, 57 hard drives were stolen early in October from servers being used for training, according to a plan spokeswoman. The drives held copies of 300,000 computer
“screens” pulled up during customer service interactions along with recordings of 50,000 hours of telephone conversations about patient care and medical bills, according to the health plan. The data included names, addresses, dates of birth and, in some cases, diagnoses.
• Children’s Hospital of Philadelphia: On Oct. 20, an employee had a laptop computer stolen from a car parked at home; the computer contained the Social Security numbers and other personal information of 943 people, hospital
spokeswoman Juliann Walsh confirmed last week. Walsh said the hospital is providing the affected parties with identity theft monitoring, consultation and restoration services,
• Harris County Hospital District: Sixteen employees were fired for alleged violations of patient privacy laws involving the records of a first-year resident, according to a district official. The Houston Chronicle reported that the workers were fired Nov. 20 for looking at the medical records of a first-year Baylor I College resident assigned
to Ben Taub General Hospital, Houston, according to the Associated Press.
• Health Net: Sometime in May, a hard drive disappeared from the Shelton, Conn., office of Health Net, an insurer based in Woodland Hills, Calif. According to Connecticut Attorney General Richard Blumenthal, the drive contained health information, and financial and personal data, such as Social Security numbers, on 446,000 Connecticut patients. According to Blumenthal, his office was not notified of the breach until Nov. 18, about the same time as plan members. Blumenthal said his office was investigating.