305-577-3996
305-577-3996

197 Privacy Breaches and Counting

Wed Dec 29th, 2010 on     Health Insurance,    

The year isn’t over quite yet, but 2010 has already logged a remarkable number of privacy breaches. As of November 30, the Office for Civil Rights of the U.S. Department of Health and Human Services had received reports of 197 health insurance companies, health care providers and health data clearinghouses failing to protect individually identifiable health information as required under HIPAA and HITECH regulations. Nearly half of those reports have been made since July.

The two laws were designed to protect an individual’s control over who may look at and receive private health information. The information can be in written or electronic form, as well as spoken. The security provisions require health insurance companies, doctors and other covered entities to put safeguards in place to protect the integrity, confidentiality and availability of that data. The security rule, however, applies only to individually identifiable health information that an entity creates, receives, transmits or maintains. This data set is called electronic protected health information, or e-PHI.

OCR is required to publish a list of any breach of e-PHI involving 500 or more individuals. In the first five months the list was available on the OCR website, reports averaged about 15 per month. Since July, the average has jumped to 18 per month. The largest single breach was reported by Florida’s AvMed Health Plan. That breach, discussed in our last post, affected 1.22 million individuals.

As in the AvMed breach, a stolen laptop is the most frequent location of breached information on the OCR list, accounting for 55, or 27.9 percent, of the 197 reports. Paper records came in second, with 41 reports (about 21 percent). Desktop computers were third (32 reports, or 16 percent), and portable electronic devices (29 reports, or almost 18 percent) fourth.

Only one report came close to AvMed’s. Blue Cross Blue Shield of Tennessee reported a theft of hard drives in October 2009. In that case, 1.02 million individuals were affected.

If there is a lesson in all of this for consumers, it is to read your medical provider and health insurance privacy policies carefully, to know your rights and to file a complaint if you believe your rights have been violated.

Resources:

Health Leaders Media “OCR: Data Breaches Double Since July” 12/02/10

US Department of Health and Human Services, Office for Civil Rights, Health Information Privacy website

Categories

Subscribe

Archives

Super Lawyers
Florida Legal Elite
Top Lawyer - South Florida Legal Guide
Association of Corporate Counsel - South Florida Chapter
Ver Ploeg & Lumpkin, P.A. Ver Ploeg & Marino: Miami Insurance Law Firm
Miami Office
100 S.E. Second Street
Suite 3300
Miami, Florida 33131
Phone: 305-577-3996
Fax: 305-577-3558
View Office
Orlando Office
301 East Pine Street
Suite 790
Orlando, Florida ​32801
Phone: 407-380-9312
Fax: 407-601-7905
View Office
Philadelphia Office
2400 Market Street
Offsite - Suite 242
Philadelphia, Pennsylvania 19103
Phone: 267-486-1151
Fax: 305-577-3558
View Office
Contact Us
Back to top