HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Breach Report: October 2013

October 2013 HIPAA Breach Summary:

The Breach Notification Rule of the Health Insurance Portability and Accountability Act requires all covered entities and their Business Associates to report all data breaches affecting more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights (OCR). These breaches must be reported within 60 days of the discovery of the breach.

This report contains a summary of the breaches that were reported to the OCR during the month of October 2013.

Major HIPAA Breaches in October 2013

AHMC Healthcare Inc. and Affiliated Hospitals suffered a large data breach which exposed the records of 729,000 individuals after a laptop computer containing unencrypted PHI was stolen. This HIPAA breach compromised more records that the rest of the month’s data breaches combined.

Professional Transcription Services, a healthcare Business Associate, reported an unauthorized disclosure incident involving a network server in which 37,000 records were exposed.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Rotech Healthcare Inc. (FL) reported an incident involving a laptop computer, with the unauthorized disclosure compromising 10,680 records. Device theft also exposed 5,232 records at Paragon Benefits (GA), 5,500 records at Seton Healthcare Family (TX) and 5,840 at Greater Dallas Orthopaedic (TX).

Summary of Reported Breaches

In October 2013, a total of 840,429 individuals were affected by HIPAA data breaches in 29 incidents reported to the OCR within the 60-day Breach Notification period.

Breach Type

The theft of portable devices containing unencrypted PHI was the single largest cause of HIPAA breaches for the month. There were no reported hacking incidents this month.


Breaches by Covered Entity

Healthcare providers suffered the most data breaches in October 2013. These incidents exposed the data of 783,844 patients. Business Associates were responsible for 5 data breaches – involving 54,285 individuals – while there was only one breach reported by a Healthcare clearinghouse which exposed 2,300 records. No Health Plans reported any breaches in October.


Location of Breached Information



Data Source:

HHS OCR Breach Portal: ttps://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF4A0922D09B6E1CF5DAE375E0D0.ajp13w

*Data does not include HIPAA breaches reported to the OCR after the 60-day reporting deadline, as demanded by the Breach Notification Rule. Any errors made by CEs during the submission of HIPAA breach reports via the online portal will be reflected in this breach summary. Figures are deemed to be correct at the time of publishing, although covered entities are permitted to update breach reports after the 60 day deadline as further information becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.