The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Breach Report: February 2014

Posted By on May 8, 2014

February 2014 HIPAA Breach Summary:

HIPPA Regulations require all covered entities to submit a report of any breach affecting more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights. Covered entities only have 60 days in order to make the report, or they face a breach notification penalty.

This report contains a summary of the breaches which have been reported to the OCR during the month of February, 2014.

Major HIPAA Breaches in February 2014

Had it not have been for a huge HIPAA breach at St. Joseph Health System (TX), in which 405,000 patient records were exposed after a network server was hacked, February would have been a relatively good month for the healthcare industry. There were 23 HIPAA breaches reported during the course of the month, but St. Joseph’s aside, only 92,492 records were exposed.

StayWell Health Management, LLC made 4 separate breach reports involving a total of 16,841 individuals, all of which involved the unauthorized disclosure of records as a result of a network server incident. 16,446 electronic medical records were stolen from healthcare provider Kmart Corporation (IL), while the University of Miami (FL) reported a 13,074-record breach involving physical PHI records.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Joseph Michael Benson M.D (TX) was one of two doctors reporting thefts of stolen unencrypted devices in February. In his case a desktop computer containing 7,500 of his patient’s records was stolen, while Min Yi, M.D (CA) also had a device stolen containing 4,676 records.

Summary of Reported Breaches

In February, 2014, a total of 497,492 individuals were affected in 23 data/HIPAA/HIPAA data breaches that were reported to the OCR through its breach report portal.

Breach Type

The theft of laptop computers dominates the breach report for February, with unauthorized disclosures also a major issue for the month. While there were only two hacking incidents, they exposed more records – 407,269 – than all other breaches combined.

hipaa-breach-type-feb-14

Breaches by Covered Entity

Healthcare providers registered the most data breaches in February with 13 incidents, healthcare clearing houses avoided any breaches while 7 Business Associates and 3 health plans were affected.

hipaa-breach-report-feb-14

Location of Breached Information

 

HIPAA-breaches-by-location-feb-14

View Breach Report for January, 2014

Data Source:

HHS OCR Breach Portal: ttps://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF4A0922D09B6E1CF5DAE375E0D0.ajp13w

*Data does not include HIPAA breaches reported to the OCR after the 60-day reporting deadline, as demanded by the Breach Notification Rule. Any errors made by CEs during the submission of HIPAA breach reports via the online portal will be reflected in this breach summary. Figures are deemed to be correct at the time of publishing, although covered entities are permitted to update breach reports after the 60 day deadline as further information becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist