|
Brown University |
RI |
Blue Cross Blue Shield of Rhode Island |
528 |
528 |
12/11/2009 |
Unauthorized Access/Disclosure |
Paper |
3/4/2010 |
12/11/2009 |
On January 5, 2010, BCBSRI was notified that a 16-page report pertaining to Brown University's health plan was impermissibly disclosed to two other BCBSRI agents. The reports contained the PHI of approximately 528 individuals. The PHI involved: first and last names, dates of service, cost of medical care provided, and member identification numbers. Following the breach, BCBSRI recovered the reports, received written assurances that any electronic copies of the reports were deleted, notified affected individuals of the breach, implemented a new procedure for all outgoing correspondence, and is in the process of auditing all affected members' claim history to ensure no fraud. |
|
MMM Health Care Inc. |
NY |
MSO of Puerto Rico, Inc. |
1907 |
1907 |
2/4/2010 |
Unauthorized Access/Disclosure |
Paper |
3/4/2010 |
2/4/2010 |
|
|
PMC Medicare Choice |
NY |
MSO of Puerto Rico, Inc. |
605 |
605 |
2/4/2010 |
Unauthorized Access/Disclosure |
Paper |
3/4/2010 |
2/4/2010 |
In its breach report and during the course of OCR's investigation, the covered entity advised that it took various corrective actions to prevent a reoccurrence of the breach. Specifically, the covered entity conducted a risk assessment which revealed that the breach may pose a significant risk of financial, reputational, or other harm to the 1,907 patients. The covered entity sent notification letters to the affected 1,907 patients apologizing for the breach. In addition, the covered entity had a radio advertisement played on the Radio Isla Radio Station in Puerto Rico on February 14, 2010. The covered entity implemented a corrective action plan in which the Health Services Department established a quality control process in order to ensure that letters that are sent by mail have the correct mailing address. In addition, the covered entity created and implemented a new policy and procedure under which the Production Services Department will require a form to be completed when a print or mail job is requested. The covered entity also issued a directive from the Vice President of Member Services to all Production Services Department staff regarding the need to verify emails with the requesters and to request confirmation from requesters prior to proceeding with the mailing of each print job. Further, on February 19, 2010, the covered entity provided training to all staff on the newly revised policies and procedures. |
|
Center for Neurosciences |
AZ |
|
1101 |
1101 |
12/15/2009 |
Theft |
Laptop |
3/4/2010 |
12/15/2009 |
|
|
Cardiology Consultants/Baptist Health Care Corporation |
FL |
|
7600 |
7600 |
12/19/2009 |
Theft |
Computer |
3/4/2010 |
12/19/2009 |
|
|
Educators Mutual Insurance Association of Utah |
UT |
Health Behavior Innovations |
5700 |
5700 |
12/27/2009 |
Theft |
Others (CDs) |
3/4/2010 |
12/27/2009 |
|
|
AvMed, Inc. |
FL |
|
1220000 |
1220000 |
12/10/2009 |
Theft |
Laptop |
6/4/2010 |
12/10/2009 |
|
|
The Methodist Hospital |
TX |
|
689 |
689 |
1/18/2010 |
Theft |
Computer |
2/22/2010 |
1/18/2010 |
An unencrypted laptop computer was stolen from the covered entity's unlocked testing office. The laptop computer contained the protected health information of approximately 689 individuals. The protected health information involved in the breach included names, dates of birth, Social Security numbers, and the age, gender, race, and medication information of affected individuals. Following the breach, the covered entity restricted the storage of electronic protected health information to network drives. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and in retraining employees. |
|
Carle Clinic Association |
IL |
|
1300 |
1300 |
1/13/2010 |
Theft |
Paper and Films |
2/22/2010 |
1/13/2010 |
Protected health information was released from the covered entity when an imposter, posing as a representative of the legitimate recycling service used by the covered entity, removed several barrels of purged x-ray films and film jackets. The barrels contained the protected health information of approximately 1,300 individuals. The protected health information involved in the breach included full patient names, patient dates of birth, patient genders, patient clinic medical numbers, internal accession numbers, type of film and site locations, dates and times of image creation, physician or provider names, and internal provider numbers. Following the breach, the covered entity contacted the individuals affected by the breach, offered credit monitoring services to these individuals, investigated the root cause of the breach, and retrained the employee responsible for the breach on verification of identity policies and procedures. Additionally, OCR's investigation resulted in the covered entity creating a new policy and procedure that specifically addresses the verification of identity of disposal vendors and training all relevant staff on the new policy. |
|
Ashley and Gray DDS |
MO |
|
9309 |
9309 |
1/10/2010 |
Theft |
Computer |
2/22/2010 |
1/10/2010 |
|
|
Goodwill Industries of Greater Grand Rapids, Inc. |
MI |
|
10000 |
10000 |
12/15/2009 |
Theft |
Other (Backup Tapes) |
2/22/2010 |
12/15/2009 |
On December 15, 2009, a safe was stolen from Goodwill's off-site facility, which contained five unencrypted back-up tapes. The breach affected approximately 10,000 individuals. The protected health information involved in the breach included full names, addresses, dates of birth, reasons for referral, dates of service, miscellaneous demographics, and, in some cases, Social Security numbers. The covered entity moved the off-site storage of back-up tapes to a new site controlled by Goodwill. The tapes are now kept in a commercial grade safe with a combination lock. The actions taken by Goodwill prior to OCR's formal investigation brought the covered entity into compliance. |
|
Daniel J. Sigman MD, PC |
MA |
|
1860 |
1860 |
12/11/2009 |
Theft |
Other Portable Electronic Device, Electronic Medical Record |
2/22/2010 |
12/11/2009 |
Computer backup tapes containing EPHI for the office practice management program including electronic medical records were stolen from the home of the practice manager on December 11, 2009. The breach affected approximately 1,860 patients. The protected health information on the tapes contained patients' names, addresses, telephone numbers, dates of birth, insurance information, social security numbers and medical record information. Following the breach, Sigman took the following voluntary corrective actions: (1) upgraded software application for backup security; implemented a new external backup system in case the server goes down; (2) encryption software was implemented for data contained on both its backup tapes and network storage device; (3) revised its security policy for transporting backup media; backup tapes must now be stored in a lockbox within a locked office in its facility; the revised policy also prohibits the movement of backup tapes from the facility as well as restricts access to the tapes to designated workforce; (4) employees were retrained on the policies and procedures in place and received training on the new policies and procedures for safeguarding backup tapes; (5) notified affected individuals and the media. |
|
Blue Island Radiology Consultants |
IL |
United Micro Data |
2562 |
2562 |
12/9/2009 |
Loss |
Other (Backup Tapes) |
2/22/2010 |
12/9/2009 |
The business associate mailed a package to the covered entity that was supposed to contain a backup data tape and compact disc (CD) containing protected health information, but the tape and the CD were not in the package. Approximately 2,000 individuals were affected by the breach. Individual demographic, financial and clinical information was included in the protected health information. The covered entity provided written notice and an apology to affected individuals, provided them with details of the incident, described ways for these individuals to protect themselves from identity theft and provided a toll-free telephone number for the individuals to call if they had additional questions. Following the breach, the covered entity continues to backup data on tapes, but it now stores the tapes in a safe deposit box instead of sending them via the mail. |
|
Keith W. Mann, DDS, PLLC |
NC |
Rick Lawson, Professional Computer Services |
2000 |
2000 |
12/8/2009 |
Hacking/IT Incident |
Computer, Network Server, Electronic Medical Record |
2/22/2010 |
12/8/2009 |
|
|
Kaiser Permanente Medical Care Program |
CA |
|
15500 |
15500 |
12/1/2009 |
Theft |
Other Portable Electronic Device, Electronic Medical Record |
2/22/2010 |
12/1/2009 |
An employee left an external portable hard drive containing electronic protected health information in a vehicle that was stolen. The hard drive contained the protected health information of approximately 15,500 individuals. The protected health information involved in the breach included names, medical record numbers, and information relating to the care and treatment of various chronic health conditions. A subset of records may also have included dates of birth or ages, gender, phone numbers, and general information relating to the care and treatment of chronic health conditions. Following the breach, the responsible employee was terminated for violating KP's policies. Additionally, OCR's investigation resulted in the covered entity initiating deployment of a Removable Media Encryption software tool. |
|
University of California, San Francisco |
CA |
|
7300 |
7300 |
11/30/2009 |
Theft |
Laptop |
2/22/2010 |
11/30/2009 |
|
|
Detroit Department of Health and Wellness Promotion |
MI |
|
646 |
646 |
11/26/2009 |
Theft |
Laptop, Computer |
2/22/2010 |
11/26/2009 |
A desktop and four laptop computers were stolen from the covered entity's locked facility. The protected health information involved in the breach included names, addresses, dates of birth, social security numbers, types of services received, and Medicare/Medicaid numbers. Following the breach, the covered entity installed new office door locks with assigned keys, installed security cameras with alarms, and physically secured computers to desks. The covered entity now stores billing information in its patient management system, and it ensured that no electronic protected health information was stored locally. Additionally, OCR's investigation resulted in the covered entity providing training to workforce members regarding the incident. |
|
Advocate Health Care |
IL |
|
812 |
812 |
11/24/2009 |
Theft |
Laptop |
2/22/2010 |
11/24/2009 |
On November 24, 2009, an Advocate nurse's laptop computer was stolen. The missing laptop computer contained the protected health information of approximately 812 individuals. The protected health information involved in the breach included name, address, dates of birth, social security numbers, insurance information, medication, and diagnoses. Following the breach, Advocate specifically addressed mobile device security and accepted use. Additionally, as a result of OCR's investigation, Advocate workforce members that use mobile devices are now required to fill out and submit an acknowledgment form that establishes proper administrative, technical, and physical security safeguards. |
|
Concentra |
TX |
|
900 |
900 |
11/19/2009 |
Theft |
Laptop |
2/22/2010 |
11/19/2009 |
|
|
Children's Medical Center of Dallas |
TX |
|
3800 |
3800 |
11/19/2009 |
Loss |
Other Portable Electronic Device |
2/22/2010 |
11/19/2009 |
|
|
Universal American |
NY |
Democracy Data & Communications, LLC |
83000 |
83000 |
11/12/2009 |
Unauthorized Access/Disclosure |
Paper |
2/22/2010 |
11/12/2009 |
In its breach report and during the course of OCR's investigation, the covered entity advised that it took various corrective actions to prevent a reoccurrence of the breach. Specifically, the covered entity conducted a risk assessment which revealed that the breach posed a significant risk of financial, reputational, or other harm to the 83,000 members. The covered entity sent notification letters to 83,000 members apologizing for the breach and offered a year of free credit monitoring and a $25,000 insurance policy against identity theft ($10,000 for New York residents). The covered entity also provided training to its call centers on November 29, 2009 to answer inquiries from callers concerned about the breach. In addition, media outlets were contacted to alert of a breach in states in which more than 500 members were impacted by the breach. The covered entity advised that media outlets were identified based on location of membership impacted, as well as ensuring it was a major media outlet and press releases were sent to 21 major media outlets on December 18, 2009. The covered entity also created and implemented a new policy titled "Personal Health Information and Personal Identifiable Information Data Security and Handling Policy Acknowledgement Form" that centralized all data requests through a "Team Track" which is an internal electronic submission request that ensures all PHI requested data receives the sign off of the Privacy Officer and Security Officer prior to release. Further, the covered entity also provided a mandatory annual computer-based training to all staff in May 2010. |
|
Massachusetts Eye and Ear Infirmary |
MA |
|
1076 |
1076 |
11/10/2009 |
Theft |
Other |
2/22/2010 |
11/10/2009 |
Two employees misused patients' credit card information. The employees worked in several different departments that served approximately 1,076 individuals. The protected health information involved in the breach included: names, addresses, and credit card information. Following the breach, the covered entity notified the affected individuals, the media and HHS. The entity also terminated the employees involved, offered mitigation in the form of one free year of credit monitoring for all affected individuals, revised their safeguards policy to include "Data Breach Prevention" and reviewed the physical processes involved when payment is made in person using a credit card. |
|
Kern Medical Center |
CA |
|
596 |
596 |
10/31/2009 |
Theft |
Paper |
2/22/2010 |
10/31/2009 |
|
|
Blue Cross Blue Shield Association |
DC |
Service Benefits Plan Administrative Services Corp. |
3400 |
3400 |
10/26/2009 |
Unauthorized Access/Disclosure |
Paper (Mailing) |
2/22/2010 |
10/26/2009 |
The business associate incorrectly updated the contract holders' addresses resulting in the mailing of protected health information to incorrect recipients. The breach affected approximately 3,400 members. The protected health information involved included demographic information, EOBs, clinical information, and diagnoses. In response to this incident, the covered entity took steps to enforce the requirements of its business associate agreement with SBP. The business associate improved its code review process to catch the system error that caused this incident and instituted a manual quality review process designed to identify bad addresses. |
|
Detroit Department of Health and Wellness Promotion |
MI |
|
10000 |
10000 |
10/22/2009 |
Theft |
Other Portable Electronic Device |
2/22/2010 |
10/22/2009 |
|
|
The Children's Hospital of Philadelphia |
PA |
|
943 |
943 |
10/20/2009 |
Theft |
Laptop |
2/22/2010 |
10/20/2009 |
A laptop computer was stolen from a hospital employee's vehicle. The computer contained the protected health information of 943 individuals. The protected health information involved in the breach included names, contact information, dates of birth, social security numbers, medical record numbers, and health insurance information including diagnosis code in numeric form and billing code description. In response to this incident, the covered entity accelerated implementation of a pre-existing plan to encrypt all hospital laptops. Encryption of new and existing laptops was completed in June 2010. Additionally, the covered entity revised its information security policies and retrained its workforce. |
|
Brooke Army Medical Center |
TX |
|
1000 |
1000 |
10/16/2009 |
Theft |
Paper |
2/22/2010 |
10/16/2009 |
A binder with printed protected health information (PHI) was stolen from an employee's vehicle. The covered entity was unable to determine the number of affected individuals, but the stolen binder contained the PHI of up to 1,272 patients. The PHI involved in the breach included names, telephone numbers, detailed notes regarding treatment, and possibly Social Security numbers. Following the breach, the covered entity sanctioned the employee and developed a new policy requiring the on-call staff to submit any information created during the shift to the main office rather than adding it to the binder. Additionally, OCR's investigation resulted in the covered entity notifying the local media about the breach. |
|
Blue Cross Blue Shield Association |
DC |
Merkle Direct Marketing |
15000 |
15000 |
10/7/2009 |
Unauthorized Access/Disclosure |
Paper |
2/22/2010 |
10/7/2009 |
|
|
University of California, San Francisco |
CA |
|
610 |
610 |
9/22/2009 |
Hacking/IT Incident |
Email |
2/22/2010 |
9/22/2009 |
|
|
Alaska Department of Health and Social Services |
AS |
|
501 |
501 |
10/12/2009 |
Theft |
Other Portable Electronic Device |
2/22/2010 |
10/12/2009 |
|
|
Cogent Healthcare of Wisconsin, S.C. |
TN |
Cogent Healthcare, Inc. |
6400 |
6400 |
10/11/2009 |
Theft |
Laptop |
2/22/2010 |
10/11/2009 |
|
|
Health Services for Children with Special Needs |
DC |
|
3800 |
3800 |
10/9/2009 |
Loss |
Laptop |
2/22/2010 |
10/9/2009 |
A laptop was lost by an employee while in transit on public transportation. The computer contained the protected health information of 3800 individuals. The protected health information involved in the breach included names, Medicaid ID numbers, dates of birth, and primary physicians. In response to this incident, the covered entity took steps to enforce the requirements of the Privacy & Security Rules. The covered entity has installed encryption software on all employee computers, strengthened access controls including passwords, reviewed and updated security policies and procedures, and updated its risk assessment. In addition, all employees received additional security training. |
|
Blue Cross Blue Shield of Tennessee |
TN |
|
1023209 |
1023209 |
10/2/2009 |
Theft |
Other (hard drives) |
2/22/2010 |
10/2/2009 |
|
|
City of Hope National Medical Center |
CA |
|
5900 |
5900 |
9/27/2009 |
Theft |
Laptop |
2/22/2010 |
9/27/2009 |
A laptop computer was stolen from a workforce member's car. The laptop computer contained the protected health information of approximately 5,900 individuals. Following the breach, the covered entity encrypted all protected health information stored on laptops. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and retraining employees. |
|
Michele Del Vicario, MD |
CA |
|
6145 |
6145 |
9/27/2009 |
Theft, Unauthorized Access/Disclosure |
Computer |
2/22/2010 |
9/27/2009 |
A shared Computer that was used for backup was stolen on 9/27/09 from the reception desk area of the covered entity. The Computer contained certain electronic protected health information (ePHI) of 6,145 individuals who were patients of the CE. The ePHI involved in the breach included names, dates of birth, and clinical information, but there were no social security numbers, financial information, addresses, phone numbers, or other ePHI in any of the reports on the disks or the hard drive on the stolen Computer. Following the breach, the CE: notified all 6,145 affected individuals and the appropriate media; added technical safeguards of encryption for all ePHI stored on the USB flash drive or the CD used on the replacement computer; all passwords are strong; all computers are password protected; added physical safeguards by keeping new portable devices locked when not in use in a secure combination safe in doctor's private office or in a secure filing cabinet; and added administrative safeguards by requiring annual refresher retraining of CE staff for Privacy and Security Rules as well as requiring immediate retraining of cleaning staff in both Rules, which has already taken place. |
|
Mark D. Lurie, MD |
CA |
|
5166 |
5166 |
9/27/2009 |
Theft, Unauthorized Access/Disclosure |
Computer |
2/22/2010 |
9/27/2009 |
A shared Computer that was used for backup was stolen on 9/27/09 from the reception desk area of the covered entity. The Computer contained certain electronic protected health information (ePHI) of 5,166 individuals who were patients of the CE. The ePHI involved in the breach included names, dates of birth, and clinical information, but there were no social security numbers, financial information, addresses, phone numbers, or other ePHI in any of the reports on the disks or the hard drive on the stolen Computer. Following the breach, the CE: notified all 5,166 affected individuals and the appropriate media; added technical safeguards of encryption for all ePHI stored on the USB flash drive or the CD used on the replacement computer; all passwords are strong; all computers are password protected; added physical safeguards by keeping new portable devices locked when not in use in a secure combination safe in doctor's private office or in a secure filing cabinet; and added administrative safeguards by requiring annual refresher retraining of CE staff for Privacy and Security Rules as well as requiring immediate retraining of cleaning staff in both Rules, which has already taken place. |
|
L. Douglas Carlson, M.D. |
CA |
|
5257 |
5257 |
9/27/2009 |
Theft, Unauthorized Access/Disclosure |
Computer |
2/22/2010 |
9/27/2009 |
A shared Computer that was used for backup was stolen on 9/27/09 from the reception desk area of the covered entity. The Computer contained certain electronic protected health information (ePHI) of 5,257 individuals who were patients of the CE. The ePHI involved in the breach included names, dates of birth, and clinical information, but there were no social security numbers, financial information, addresses, phone numbers, or other ePHI in any of the reports on the disks or the hard drive on the stolen Computer. Following the breach, the covered entity notified all 5,257 affected individuals and the appropriate media; added technical safeguards of encryption for all ePHI stored on the USB flash drive or the CD used on the replacement computer; added physical safeguards by keeping new portable devices locked when not in use in a secure combination safe in doctor's private office or in a secure filing cabinet; and added administrative safeguards by requiring annual refresher retraining of CE staff for Privacy and Security Rules as well as requiring immediate retraining of cleaning staff in both Rules. |
|
David I. Cohen, MD |
CA |
|
857 |
857 |
9/27/2009 |
Theft, Unauthorized Access/Disclosure |
Computer |
2/22/2010 |
9/27/2009 |
A shared Computer that was used for backup was stolen from the reception desk area, behind a locked desk area, probably while a cleaning crew had left the main door to the building open and the door to the suite was unlocked and perhaps ajar. The Computer contained certain electronic protected health information (ePHI) of 857 patients. The ePHI involved in the breach included names, dates of birth, and clinical information. Following the breach, the covered entity notified all affected individuals and the media, added technical safeguards of encryption for all ePHI stored on the USB flash drive or the CD used on the replacement computer, added physical safeguards by keeping new portable devices locked when not in use in a secure combination safe in doctor's private office or in a secure filing cabinet, and added administrative safeguards by requiring annual refresher retraining of staff for Privacy and Security Rules as well as requiring immediate retraining of cleaning staff in both Rules, which has already taken place. |
|
Joseph F. Lopez, MD |
CA |
|
952 |
952 |
9/27/2009 |
Theft, Unauthorized Access/Disclosure |
Computer |
2/22/2010 |
9/27/2009 |
A shared Computer that was used for backup was stolen on 9/27/09. The Computer contained certain electronic protected health information (ePHI) of 952 patients. Following the breach, the covered entity notified all 952 affected individuals and the appropriate media; added technical safeguards of encryption for all ePHI stored on the USB flash drive or the CD used on the replacement computer; added physical safeguards by keeping new portable devices locked when not in use in a secure combination safe in doctor's private office or in a secure filing cabinet; and added administrative safeguards by requiring annual refresher retraining of staff for Privacy and Security Rules. |
|
Mid America Kidney Stone Association, LLC |
MO |
|
1000 |
1000 |
9/22/2009 |
Theft |
Network Server |
2/22/2010 |
9/22/2009 |
|
|
State of TN, Bureau of TennCare |
TN |
|
3900 |
3900 |
12/23/2009 |
Unauthorized Access/Disclosure |
Paper |
3/9/2010 |
12/23/2009 |
|
|
Lucille Packard Children's Hospital |
CA |
|
532 |
532 |
1/11/2010 |
Loss |
Computer |
3/9/2010 |
1/11/2010 |
|
|
University of New Mexico Health Sciences Center |
NM |
|
1898 |
1898 |
2/8/2010 |
Hacking/IT Incident |
Computer |
3/9/2010 |
2/8/2010 |
Malware compromised two workstation hard drives. The compromise affected 1898 individuals. The protected health information involved in the breach included patient names, dates of birth, medical record numbers, names of the patients' health plans and type of health services provided for the patients. Following the discovery of the breach, the CE removed and replaced the affected computers and audited workstations to ensure PHI was not stored on hard drives in violation of policy. Additionally, the CE notified the affected individuals and local media and retrained staff. |
|
Advanced NeuroSpinal Care |
CA |
|
3500 |
3500 |
12/30/2009 |
Theft, Loss |
Network Server, Computer |
3/9/2010 |
12/30/2009 |
|
|
Aspen Dental Care P.C. |
CO |
|
2500 |
2500 |
10/4/2009 |
Theft |
Other |
3/23/2010 |
10/4/2009 |
Computer hard disks were stolen from a safe in the covered entity's locked dental office. The computer hard disks contained the protected health information of approximately 2,500 individuals. The protected health information involved in the breach included names, addresses, dates of birth, Social Security numbers, and dental information. Further investigation showed that the protected health information had been encrypted, rendering it unusable, unreadable, or undecipherable to unauthorized individuals pursuant to guidance issued by OCR, such that the theft of the computer hard disks did not constitute a breach of unsecured protected health information. Despite the fact that no breach was found to have occurred, following the incident, the covered entity upgraded physical security for the dental office by installing an alarm system. |
|
Shands at UF |
FL |
|
12580 |
12580 |
1/27/2010 |
Theft |
Laptop |
3/9/2010 |
1/27/2010 |
A laptop containing certain information collected on approximately 12,580 individuals referred to Shands at UF GI Clinical Services was stolen from the private residence of an employee. The stolen information included patient names, social security numbers, and medical record numbers. As a result of the incident, the employee was counseled by her supervisor, issued written corrective action with a 3-day suspension, and provided additional HIPAA training. OCR reviewed Shands at UF's most recent Risk Analysis and Risk Management Plans and they revealed no high risk findings related to encryption, workstation use, or physical security. OCR's investigation found that Shands at UF has implemented appropriate technical safeguards, such as secure VPN network connections and network storage for workforce usage, encrypted USB portable flash drives, and PGP whole disk encryption. |
|
Wyoming Department of Health |
WY |
|
9023 |
9023 |
12/2/2009 |
Unauthorized Access/Disclosure |
Network Server |
3/23/2010 |
12/2/2009 |
|
|
North Carolina Baptist Hospital |
NC |
|
554 |
554 |
2/15/2010 |
Theft |
Paper |
3/9/2010 |
2/15/2010 |
An employee's car was broken into and a tote bag, which had a spreadsheet containing PHI, was stolen from the car. The paper file that was in the tote bag had PHI pertaining to 554 patients. The type of PHI involved in the breach included the following: patients' name, age, weight, race, Social Security number, and blood and tissue typing. Following the breach, among other things, the covered entity's Privacy Office reviewed the applicable policies and procedures with the clinic responsible, the employee involved was counseled, and affected patients were offered a year of credit monitoring services along with a toll-free number to contact the covered entity if the patients or their family members had any questions concerning the reported breach. As a result of OCR's investigation, the covered entity took several compliance actions, including creating an action plan to address the breach, installing video cameras in the parking dock for the clinic, and establishing a new Privacy and Information Security Council to help identify ways to improve and strengthen privacy and security policies and practices across the Medical Center. |
|
Thrivent Financial for Lutherans |
WI |
|
9500 |
9500 |
1/29/2010 |
Theft |
Laptop |
3/23/2010 |
1/29/2010 |
On January 29, 2010, there was a break-in at one of Thrivent's offices and five laptop computers were stolen; four of the five laptops were recovered. The missing laptop computer contained the protected health information of approximately 9,400 individuals. The protected health information involved in the breach included name, address, date of birth, social security number, prescription drugs, medical condition, age, weight, etc. Thrivent provided OCR with additional controls to remedy causes of security breach at various stages of implementation. The actions taken by the CE prior to OCR's formal investigation brought the CE into compliance. |
|
Montefiore Medical Center |
NY |
|
625 |
625 |
2/20/2010 |
Theft |
Laptop |
3/23/2010 |
2/20/2010 |
|
|
Ernest T. Bice, Jr. DDS, P.A. |
TX |
|
21000 |
21000 |
2/20/2010 |
Theft |
Other Portable Electronic Device |
3/23/2010 |
2/20/2010 |
Three unencrypted external back-up drives were stolen from a safe in the covered entity's locked office. The laptop computer contained the protected health information of approximately 21,000 individuals. The protected health information involved in the breach included names, addresses, phone numbers, dates of birth, social security numbers, insurance information, and treatment histories. Following the breach, the covered entity moved back-up data offsite and encrypted all workstations. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and in retraining employees. |
|
University Medical Center of Southern Nevada |
NV |
|
5103 |
5103 |
10/31/2009 |
Theft, Unauthorized Access/Disclosure |
Paper |
3/31/2010 |
10/31/2009 |
Between the dates of July 31, 2009 and November 19, 2009, a former UMC volunteer faxed patient face sheets to an attorney who used the sheets to contact prospective clients. Although UMC only had proof of two disclosures, it chose to notify all 5,301 individuals that could have been affected by the breach. The protected health information involved in the breach included names, addresses, dates of birth, social security numbers, and diagnoses. Following the breach, UMC conducted an internal investigation, notified all 5,301 individuals, notified the media, and notified the Secretary. Additionally, UMC reformulated face sheets so that they no longer include full social security numbers and provided all possible affected individuals with a year of free credit monitoring. As a result of this breach, at least one person has been indicted on one count of conspiracy to illegally disclose personal health information in violation of the HIPAA |
|
Lee Memorial Health System |
FL |
|
3800 |
3800 |
1/29/2010 |
Unauthorized Access/Disclosure |
Paper |
3/31/2010 |
1/29/2010 |
The covered entity sent postcards to approximately 3,800 patients, which listed the patients' demographic information, and a statement that read, "Your Physician Has Moved," with a name and description of the practice, Infectious Disease Specialist. The types of PHI involved were demographic and clinical information. Voluntary actions taken prior to OCR's investigation include the issuance of sanctions and review of policies and procedures. |
|
Laboratory Corporation of America/Dynacare Northwest, Inc. |
WA |
|
5080 |
5080 |
2/12/2010 |
Theft |
Laptop |
3/31/2010 |
2/12/2010 |
A laptop computer was stolen from a workforce member's car. The laptop computer contained the protected health information of approximately 5080 individuals. The protected health information involved in the breach included names, addresses, dates of birth, Social Security numbers, and lab results. Following the breach, the covered entity encrypted all laptop computers. |
|
Griffin Hospital |
CT |
|
957 |
957 |
2/4/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
4/12/2010 |
2/4/2010 |
|
|
Mount Sinai Medical Center |
FL |
|
2600 |
2600 |
3/9/2010 |
Theft, Unauthorized Access/Disclosure |
Laptop |
4/12/2010 |
3/9/2010 |
|
|
Hypertension, Nephrology, Dialysis and Transplantation, PC |
AL |
|
2024 |
2024 |
3/6/2010 |
Theft |
Laptop |
4/12/2010 |
3/6/2010 |
|
|
John Muir Physician Network |
CA |
|
5450 |
5450 |
2/4/2010 |
Theft |
Laptop |
4/15/2010 |
2/4/2010 |
John Muir Health reported to OCR-HQ that two laptops containing EPHI, including patient names, dates of birth, and social security numbers, were stolen from John Muir Health Women's Health Center. The PHI of approximately 5,450 individuals was stolen. The types of EPHI involved in the breach are patient names, dates of birth, and social security numbers. The media was informed and all individuals were notified. John Muir Health advises that laptops are now locked down with cables and encryption software has been installed. |
|
Laboratory Corporation of America/US LABS/Dianon Systems, Inc. |
AZ |
|
2773 |
2773 |
2/18/2010 |
Theft |
Other Portable Electronic Device |
4/15/2010 |
2/18/2010 |
An external hard drive containing ePHI of 2,773 individuals was stolen. The ePHI included first and last name, medical record number, date of birth, laboratory test information data, and some social security numbers. CE advises OCR that notice to the individuals went out April 13 and 14, 2010. The media (St. Petersburg Times) was notified. CE added that emails will now be password protected and encrypted. As a result of the loss, CE has initiated an encryption project to encrypt external hard drives and related media.
|
|
VHS Genesis Lab Inc. |
IL |
|
6800 |
6800 |
1/10/2010 |
Loss |
Paper |
4/15/2010 |
1/10/2010 |
A month's worth of client invoices went missing; evidence shows that the documents were never mailed, but despite a thorough search, the invoices were never located. The invoices contained the protected health information of over 500 individuals. The protected health information involved in the breach included names, dates of birth, and medical testing information. Following the breach, the covered entity notified its clients of the incident, placed notice on its website and in the Chicago Tribune, arranged for a business associate to handle the mailing of invoices in the future, and provided OCR with documentation of these actions. |
|
Providence Hospital |
MI |
|
83945 |
83945 |
2/4/2010 |
Loss |
Other |
4/15/2010 |
2/4/2010 |
|
|
University of Pittsburgh Student Health Center |
PA |
|
8000 |
8000 |
3/11/2010 |
Theft, Loss |
Paper |
4/15/2010 |
3/11/2010 |
Documents containing protected health information were lost when an employee of the covered entity confiscated and eventually destroyed them. The breach affected approximately 8,000 individuals. The documents contained names and financial information. Following the breach, the covered entity reviewed its policies and procedures for safeguarding the physical security of Paper. The covered entity terminated the employee who violated these policies by stealing the records. |
|
Reliant Rehabilitation Hospital North Houston |
TX |
Computer Program and Systems, Inc. (CPSI) |
763 |
763 |
2/9/2010 |
Unauthorized Access/Disclosure |
Email |
4/20/2010 |
2/9/2010 |
|
|
Tomah Memorial Hospital |
WI |
|
600 |
600 |
3/19/2010 |
Unauthorized Access/Disclosure |
Other |
4/26/2010 |
3/19/2010 |
A nurse impermissibly used the protected health information of patients to obtain narcotics from the Tomah Memorial Hospital for her own personal use. Tomah Memorial Hospital reported that approximately 600 patients were affected by the breach. The protected health information involved in the breach included the name and account number of the patient. Tomah Memorial Hospital terminated the nurse. Following the breach, Tomah Memorial Hospital created a monthly audit of Schedule II narcotics by each patient care department, which will match the medication dispense log to the order and bill. |
|
Affinity Health Plan, Inc. |
NY |
|
344579 |
344579 |
11/24/2009 |
Other |
Other |
4/27/2010 |
11/24/2009 |
|
|
Beatrice Community Hospital and Health Center |
NE |
McKesson Information Solutions, LLC |
660 |
660 |
3/19/2010 |
Unauthorized Access/Disclosure |
Paper |
4/29/2010 |
3/19/2010 |
|
|
St. Joseph Heritage Healthcare |
CA |
|
22012 |
22012 |
3/6/2010 |
Theft |
Computer |
4/30/2010 |
3/6/2010 |
22 computers were stolen from Clinical Management Service office. Five of the stolen computers contained the protected health information of approximately 22,012 individuals. The protected health information involved in the breach included name, date of birth, social security number, referral number, encounter number, facility, member ID, diagnosis, procedure, and/or diagnosis code. As a result of this incident, St. Joseph notified the potentially affected individuals, notified the local media, installed security cameras, re-trained employees, and installed encryption software on all laptops and computers enterprise-wide. OCR's investigation resulted in the covered entity improving their physical and technological safeguards and retraining employees. |
|
South Carolina Department of Health and Environmental Control |
SC |
|
2850 |
2850 |
2/17/2010 |
Improper Disposal |
Paper |
5/4/2010 |
2/17/2010 |
The covered entity failed to adhere to its own policy to shred protected health information (PHI), and a third party found patient PHI in a paper recycling container behind the covered entity's building. The covered entity reported that approximately 2,850 individuals were affected. The PHI involved in the breach included names, addresses, dates of birth, Social Security numbers, payment information, and clinical information. Following the breach, the covered entity took several actions, including notifying affected individuals, revising and updating its policies for handling confidential information, educating staff, and terminating the courier that was responsible for taking the information to the recycling center. As a result of OCR's investigation, the covered entity provided written assurance that it had revised its policies and procedures. |
|
Medical Center at Bowling Green |
KY |
|
5418 |
5418 |
3/24/2010 |
Theft |
Other Portable Electronic Device |
5/4/2010 |
3/24/2010 |
|
|
Our Lady of Peace Hospital |
KY |
|
24600 |
24600 |
3/31/2010 |
Theft, Loss |
Other Portable Electronic Device |
5/4/2010 |
3/31/2010 |
|
|
Blue Cross & Blue Shield of Rhode Island |
RI |
|
12000 |
12000 |
12/20/2009 |
Unauthorized Access/Disclosure |
Paper |
5/4/2010 |
12/20/2009 |
On April 6, 2010, the covered entity learned that a filing cabinet it donated to a non-profit organization on December 20, 2009, contained members' protected health information (PHI). The cabinet contained the PHI of approximately 12,000 individuals. The PHI involved member information for Medicare Health Surveys from 2001 to 2004, which contained names, addresses, telephone numbers, Social Security numbers, and Medicare identification numbers. Following the breach, the covered entity notified the affected individuals of the breach, notified the media, sanctioned the employees involved in the incident, held a mandatory training for all departments involved in the breach regarding Privacy, Security, and Compliance rules, regulations, and responsibilities, revised the policy for office moves requiring a series of checklists and approvals prior to moving furniture offsite, and offered all affected individuals free credit monitoring, including assistance with identity theft protection. |
|
Massachusetts Eye and Ear Infirmary |
MA |
|
3621 |
3621 |
2/19/2010 |
Theft |
Laptop |
5/4/2010 |
2/19/2010 |
|
|
Praxair Healthcare Services, Inc. |
CT |
|
54165 |
54165 |
2/18/2010 |
Theft |
Laptop |
5/4/2010 |
2/18/2010 |
A laptop computer was stolen from the covered entity's office by a former employee after it had been damaged. The laptop computer contained the PHI of approximately 54,165 individuals. The computer contained a limited amount of PHI, including client names and one or more of the following: addresses, phone numbers, social security numbers, insurance provider names and policy numbers, medical diagnostic codes or medical equipment. Following the breach, the covered entity notified all affected individuals, the media, and HHS of the breach. Additionally, the covered entity completed its laptop encryption project to cover all PHI stored on computers in the office. Additionally, OCR's investigation resulted in the covered entity reinforcing the requirements of HIPAA to its employees. |
|
Pediatric Sports and Spine Associates |
TX |
|
955 |
955 |
2/10/2010 |
Theft |
Laptop |
5/6/2010 |
2/10/2010 |
An unencrypted laptop was stolen from an employee's vehicle. The laptop contained the protected health information of approximately 955 individuals. The protected health information involved in the breach included names, addresses, dates of birth, social security numbers, diagnoses, medications and other treatment information. Following the discovery of the breach, the covered entity revised policies, retrained staff and implemented additional physical and technical safeguards including encryption software. The covered entity also removed the stolen laptop's access to the server, sanctioned the involved employee, notified the affected individuals and notified the local media. |
|
Emergency Healthcare Physicians, Ltd. |
IL |
Millennium Medical Management Resources, Inc. |
180111 |
180111 |
2/27/2010 |
Theft |
Other Portable Electronic Device |
5/5/2010 |
2/27/2010 |
|
|
General Agencies Welfare Benefits Program |
TN |
Towers Watson |
1874 |
1874 |
2/5/2010 |
Loss |
Other |
5/5/2010 |
2/5/2010 |
|
|
South Texas Veterans Health Care System |
TX |
|
1430 |
1430 |
9/30/2009 |
Loss, Improper Disposal |
Paper |
5/12/2010 |
9/30/2009 |
The covered entity reported hard copies of medical records missing from a locked file room. The hard copies of the medical records contained the protected health information of approximately 1,430 individuals. The protected health information involved in the breach included names, Social Security numbers, and treatment information. Following the breach, the covered entity eliminated all hard copy logs by transferring them to an electronic database. The electronic database is accessible by authorized workforce members only. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and retraining employees. |
|
Miami VA Healthcare System |
FL |
|
568 |
568 |
1/19/2010 |
Loss |
Paper |
5/13/2010 |
1/19/2010 |
A pharmacy log book was found missing in January that contained the protected health information (PHI) of veteran patients. Unfortunately, this logbook has not been uncovered. The pharmacy log book contained the names and partial Social Security numbers of 568 veterans. Following the breach, the covered entity sent out appropriate notification letters, and it instructed the employees to cease the practice of keeping log books. As a result of OCR's investigation, the covered entity revised and/or updated its policies and procedures with respect to safeguarding PHI and has now restricted the use of logbooks. |
|
Loma Linda University Health Care |
CA |
|
584 |
584 |
4/4/2010 |
Theft |
Computer |
5/17/2010 |
4/4/2010 |
|
|
Silicon Valley Eyecare Optometry and Contact Lenses |
CA |
|
40000 |
40000 |
4/2/2010 |
Theft |
Network Server |
5/17/2010 |
4/2/2010 |
|
|
VA Eastern Colorado Health Care System |
CO |
|
649 |
649 |
1/19/2010 |
Improper Disposal |
Paper |
5/17/2010 |
1/19/2010 |
|
|
Heriberto Rodriguez-Ayala, M.D. |
TX |
|
4200 |
4200 |
4/3/2010 |
Theft |
Laptop |
5/18/2010 |
4/3/2010 |
An unencrypted laptop computer was stolen from a personal vehicle. The laptop computer contained the protected health information of approximately 4,200 individuals. The protected health information involved in the breach included names, addresses, phone numbers, dates of birth, Social Security numbers, treatment histories, and some driver's license numbers. The covered entity notified the affected individuals and the media. Following the breach, the covered entity implemented new policies and procedures, retrained staff, and installed encryption software on all workstations. |
|
Veterans Health Administration |
DC |
Heritage Health Solutions |
656 |
656 |
4/22/2010 |
Theft |
Laptop |
5/19/2010 |
4/22/2010 |
A laptop was stolen from an employee of the business associate. The computer contained the protected health information (PHI) of 656 individuals. The PHI involved in the breach included names, social security numbers, dates of birth, and medication information. In response to this incident, the covered entity took steps to enforce the requirements of its business associate agreement with Heritage Health. The business associate installed encryption software on all employee computers, strengthened access controls including passwords, reviewed and updated security policies and procedures, and made improvements to the physical security of the building. In addition, the responsible employee was counseled, and all employees received additional security training. |
|
State of New Mexico Human Services Department, Medical Assistance Division |
NM |
DentaQuest |
9600 |
9600 |
3/20/2010 |
Theft |
Laptop |
5/19/2010 |
3/20/2010 |
The business associate's contractor left a laptop in a car. The car was stolen with the laptop containing protected health information of approximately 9,600 individuals. The EPHI involved in the breach included names, social security numbers, and demographic information. Following the breach, CE encrypted all laptops that contained PHI. |
|
Georgetown University Hospital |
DC |
|
2416 |
2416 |
3/26/2010 |
Theft |
Email, Other Portable Electronic Device |
5/19/2010 |
3/26/2010 |
An employee of the covered entity emailed protected health information (PHI) to an offsite research office (which is not itself a covered entity) in violation of the review preparatory to research protocol. The research office stored the electronic information on an external hard drive that was later stolen. The device contained the PHI of 2,416 individuals. The PHI involved in the breach included names, dates of birth, and clinical information. In response to this incident, the covered entity terminated transmission of the PHI to this research office and gave the responsible employee a verbal warning and counseling. Additionally, the covered entity undertook a review of all research affiliations involving PHI of hospital patients to confirm that appropriate documentation and procedures are in place. |
|
Rockbridge Area Community Services |
VA |
|
500 |
500 |
3/12/2010 |
Theft |
Laptop, Computer |
5/19/2010 |
3/12/2010 |
|
|
VA North Texas Health Care System |
TX |
|
4083 |
4083 |
5/4/2010 |
Improper Disposal |
Paper |
5/25/2010 |
5/4/2010 |
A binder and clipboard containing patients' protected health information were missing from a file room. Approximately 4,083 individuals were affected. The protected health information involved in the breach included names, social security numbers, and dates of birth. Following the breach, the covered entity has eliminated all hard copy logs by transferring them to an electronic database. The electronic database is accessible by authorized workforce members only. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and retraining employees. |
|
Oconee Physician Practices |
SC |
|
653 |
653 |
5/9/2010 |
Theft |
Laptop |
5/27/2010 |
5/9/2010 |
|
|
University of Rochester Medical Center Affiliates |
NY |
|
2628 |
2628 |
4/19/2010 |
Unauthorized Access/Disclosure |
Paper |
5/28/2010 |
4/19/2010 |
|
|
City of Charlotte Health Plan |
NC |
Towers Watson |
5220 |
5220 |
2/3/2010 |
Loss |
Other |
6/3/2010 |
2/3/2010 |
|
|
Rainbow Hospice and Palliative Care |
IL |
|
1000 |
1000 |
4/12/2010 |
Theft |
Laptop |
6/3/2010 |
4/12/2010 |
An employee's laptop was stolen out of her bag while she was making an admission visit in a patient's home. The evidence showed that although the covered entity had a policy of encrypting and password-protecting its computers, this particular computer did not require a password most of the time. The invoices contained the protected health information (PHI) of approximately 1,000 individuals. The PHI stored on the laptop included names, addresses, dates of birth, phone numbers, Social Security numbers, Medicare numbers, electronic health records and commercial insurance information. Following the breach, the covered entity notified its clients of the incident, placed notice on its website and in The Daily Herald, sanctioned the employee for changing the security settings on the laptop in question, established stringent computer security guidelines, and retrained its staff in the new requirements, with the intention of preventing a similar event from occurring again. |
|
Cincinnati Children's Hospital Medical Center |
OH |
|
60998 |
60998 |
3/27/2010 |
Theft |
Laptop |
6/3/2010 |
3/27/2010 |
An employee's newly-issued, unencrypted laptop was stolen out of a car. Although the covered entity had a policy of encrypting its computers, an investigation revealed that new computers are not encrypted before they are given to employees. The laptop contained the protected health information (PHI) of approximately 60,998 individuals. The PHI stored on the laptop included names, medical record numbers, and services received at the covered entity. Following the breach, the covered entity notified its clients by letter of the incident, placed notice on various websites and in The Cincinnati Enquirer, and established a new internal procedure whereby all new computers would be encrypted before they are given to employees. |
|
Omaha Construction Industry Health and Welfare Plan |
NE |
DeBoer & Associates |
800 |
800 |
11/11/2009 |
Theft |
Laptop |
6/4/2010 |
11/11/2009 |
|
|
Nihal Saran, MD |
MI |
|
2300 |
2300 |
5/2/2010 |
Theft |
Laptop |
6/9/2010 |
5/2/2010 |
A password protected laptop computer containing protected health information (PHI) was stolen from Dr. Saran's personal residence. The laptop contained the PHI of approximately 2,300 individuals. The PHI stored on the laptop included patients' names, addresses, dates of birth, Social Security numbers, insurance information, and diagnoses. Following the breach, Dr. Saran notified the Northville Township Police Department of the theft, contacted the individuals reasonably believed to have been affected by the breach, sent a notice of the breach to the Detroit Free Press and the Monroe News, and installed encryption software for its billing software. |
|
UnitedHealth Group--SACE |
MN |
|
16291 |
16291 |
1/26/2010 |
Unauthorized Access/Disclosure |
Paper |
6/9/2010 |
1/26/2010 |
Paper correspondence to certain members in UnitedHealth's prescription drug plans was inadvertently sent to the incorrect temporary address due to a database administration error. Approximately 16,291 individuals were affected by the breach. The information involved included the UnitedHealth member's name, plan number and, in some instances, date of birth and/or limited medical information. United Health reported that it stopped using PDI's proprietary database for address updates and made outbound verification calls to members to get accurate temporary addresses. United Health reported that it revised its address update process. |
|
St. Jude Children's Research Hospital |
TN |
|
1745 |
1745 |
4/19/2010 |
Loss |
Laptop |
6/10/2010 |
4/19/2010 |
|
|
Occupational Health Partners |
KS |
|
1105 |
1105 |
5/12/2010 |
Theft |
Laptop |
6/11/2010 |
5/12/2010 |
|
|
TennCare |
TN |
DentaQuest |
10515 |
10515 |
3/20/2010 |
Theft |
Laptop |
6/11/2010 |
3/20/2010 |
|
|
WellPoint, Inc. |
IN |
|
31700 |
31700 |
11/3/2009 |
Hacking/IT Incident |
Network Server |
8/6/2010 |
11/3/2009 |
|
|
Lincoln Medical and Mental Health Center |
NY |
Siemens Medical Solutions, USA, Inc. |
130495 |
130495 |
3/24/2010 |
Loss |
Other |
6/29/2010 |
3/24/2010 |
|
|
The Children's Medical Center of Dayton |
OH |
|
1001 |
1001 |
4/22/2010 |
Unauthorized Access/Disclosure |
Email |
6/26/2010 |
4/22/2010 |
|
|
Comprehensive Care Management Corporation |
NY |
|
1020 |
1020 |
4/30/2010 |
Theft, Unauthorized Access/Disclosure |
Laptop, Computer, Network Server, Email |
6/29/2010 |
4/30/2010 |
|
|
Mary M. Desch, M.D. |
AZ |
|
5893 |
5893 |
5/15/2010 |
Theft |
Laptop |
7/1/2010 |
5/15/2010 |
|
|
University Health System |
NV |
|
7526 |
7526 |
6/11/2010 |
Theft |
Network Server |
7/1/2010 |
6/11/2010 |
|
|
Children's Hospital & Research Center at Oakland |
CA |
|
1000 |
1000 |
5/25/2010 |
Unauthorized Access/Disclosure |
Paper |
7/1/2010 |
5/25/2010 |
|
|
Sinai Hospital of Baltimore, Inc. |
MD |
Aramark Healthcare Support Services, Inc. |
937 |
937 |
5/3/2010 |
Unauthorized Access/Disclosure |
Email |
7/1/2010 |
5/3/2010 |
A business associate employee sent an email to multiple patients without concealing patient email addresses. The message concerned a dietary program in which the names and email addresses were visible to all recipients. The breach affected 937 individuals. In response to this incident, the covered entity took steps to enforce the requirements of its business associate agreement with Aramark. The business associate counseled the employee responsible for the breach and retrained all employees who may communicate with patients via email on the requirements of the Privacy and Security Rules as well as related policies and procedures. |
|
Alma Aguado, MD P.A. |
TX |
|
600 |
600 |
5/29/2010 |
Theft |
Network Server |
7/6/2010 |
5/29/2010 |
|
|
University Hospital |
GA |
Augusta Data Storage, Inc. |
14000 |
14000 |
5/7/2010 |
Loss |
Other |
7/12/2010 |
5/7/2010 |
|
|
University of Florida |
FL |
|
2047 |
2047 |
5/24/2010 |
Unauthorized Access/Disclosure |
Paper |
7/12/2010 |
5/24/2010 |
The covered entity mailed letters to patients which included either the child's social security number or Florida Medicaid number on the address label. The letters were mailed to approximately 2,047 individuals. Following the breach, the covered entity recalled the faulty files from the printing company and the medical survey company; notified all affected individuals and conducted mitigation discussions. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and retraining employees. |
|
Centerstone |
TN |
|
1537 |
1537 |
5/1/2010 |
Loss |
Computer, Paper |
7/12/2010 |
5/1/2010 |
|
|
SunBridge Healthcare Corporation |
NM |
|
3830 |
3830 |
5/11/2010 |
Theft |
Laptop |
7/12/2010 |
5/11/2010 |
|
|
California Department of Healthcare Services |
CA |
Care 1st Health Plan |
29808 |
29808 |
4/29/2010 |
Loss |
Other Portable Electronic Device |
7/12/2010 |
4/29/2010 |
|
|
Long Island Consultation Center |
NY |
|
800 |
800 |
5/21/2010 |
Loss |
Other Portable Electronic Device |
7/19/2010 |
5/21/2010 |
|
|
NYU Hospital Center |
NY |
|
2563 |
2563 |
5/8/2010 |
Loss |
Other Portable Electronic Device |
7/19/2010 |
5/8/2010 |
|
|
E. Brooks Wilkins Family Medicine, PA |
NC |
|
13000 |
13000 |
2/1/2010 |
Theft, Unauthorized Access/Disclosure |
Computer, Other |
7/19/2010 |
2/1/2010 |
The breach report indicated that former employees took protected health information (PHI) pertaining to 13,000 patients and disclosed it to a competing medical practice. The PHI included the names and contact information for the patients. Following the breach, the entity terminated the employees who impermissibly used and disclosed the PHI. OCR also confirmed that the entity complied with the provisions of the Breach Notification Rule and notified the affected individuals. Additionally, the entity retrained its staff regarding the policies and procedures for safeguarding of PHI. |
|
University of Louisville Research Foundations, Inc. |
KY |
|
708 |
708 |
5/17/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
7/21/2010 |
5/17/2010 |
|
|
South Shore Hospital |
MA |
Iron Mountain Data Products, Inc. (now known as Archive Data Solutions, LLC) |
800000 |
800000 |
2/26/2010 |
Loss |
Other Portable Electronic Device, Electronic Medical Record, Other |
7/21/2010 |
2/26/2010 |
|
|
Prince William County Community Services |
VA |
|
669 |
669 |
6/18/2010 |
Theft |
Other Portable Electronic Device |
7/21/2010 |
6/18/2010 |
|
|
John Deere Health Benefit Plan for Wage Employees |
IL |
UnitedHealth Insurance Company |
1097 |
1097 |
6/24/2010 |
Unauthorized Access/Disclosure |
Paper |
7/22/2010 |
6/24/2010 |
|
|
Department of Health Care Policy & Financing |
CO |
Governor's Office of Information Technology |
105470 |
105470 |
5/17/2010 |
Theft |
Computer |
7/22/2010 |
5/17/2010 |
|
|
Aetna |
CT |
|
6372 |
6372 |
3/29/2010 |
Unauthorized Access/Disclosure |
Paper |
7/29/2010 |
3/29/2010 |
On May 28, 2010, Aetna discovered that a file cabinet containing member protected health information (PHI) was not cleaned out before it was given to Aetna's vendor for removal. The documents inside the file cabinet contained the PHI of approximately 6,372 individuals. The information contained in the file cabinet included names, addresses/zip, dates of birth, and social security numbers of Aetna members. Following the breach, the covered entity notified the affected individuals of the incident, notified the media, provided each affected member with a free year of credit monitoring, and noted the disclosure in the affected members' records for accounting purposes. Additionally, employees were reminded about the importance of complying with Aetna's policies for safeguarding members' PHI, policies and procedures were updated, employees were retrained, and Aetna is currently updating supporting procedures to enhance controls surrounding the appropriate storage and destruction of confidential information. |
|
Medina County OB/GYN Associates, Inc. |
OH |
|
1200 |
1200 |
6/13/2010 |
Improper Disposal |
Paper |
7/29/2010 |
6/13/2010 |
|
|
UnitedHealth Group--SACE |
MN |
|
735 |
735 |
3/2/2010 |
Theft, Unauthorized Access/Disclosure |
Paper |
8/4/2010 |
3/2/2010 |
On March 2, 2010, the covered entity, United, discovered that remittance forms containing member information that accompany paper checks were stolen. The invoices contained the protected health information of over 735 individuals. The protected health information involved member information that allowed providers to properly record claim payments and credit accounts on behalf of each member for whom United was making a payment. Following the breach, the covered entity notified its clients of the incident, placed notice in The Miami Herald, provided each member with a credit monitoring package, reviewed its payment and remittance information controls, and notified its provider call centers to remain on a high level alert to monitor all remittance payments. |
|
Charles Mitchell, MD |
TX |
|
6873 |
6873 |
6/27/2010 |
Theft |
Computer |
8/4/2010 |
6/27/2010 |
|
|
The University of Texas at Arlington |
TX |
|
27000 |
27000 |
2/19/2010 |
Hacking/IT Incident |
Network Server |
8/4/2010 |
2/19/2010 |
A file server at the Office of Health Services was compromised and impermissibly accessed. The compromise potentially exposed the prescription records of 27,000 individuals to an unauthorized source. The protected health information involved in the breach included names, addresses diagnostic codes, name of medication prescribed, medication costs and some social security numbers. Following the discovery of the breach, UTA removed the server from the network, notified the affected individuals and notified local media. Following the breach, the covered entity also replaced the operating system and implemented additional technical safeguards. |
|
Trinity Health Corporation Welfare Benefit Plan |
MI |
Mercer Health & Benefits |
1073 |
1073 |
3/29/2010 |
Loss |
Other |
8/4/2010 |
3/29/2010 |
Trinity Health Corporation Welfare Benefit Plan's business associate, Mercer Health & Benefits (Mercer), lost a server backup tape as it was being sent via FEDEX from Boise to Seattle. The backup tape contained information of about 375,000 individuals that Mercer serviced. The total affected at Trinity Health was about 1,073 current and former employees and their dependents. The protected health information involved included names, addresses, dates of birth, and social security numbers. Although Mercer concluded that the lost tape was configured so that even a sophisticated user would be unlikely to be able to access the data within, both Mercer and Trinity Health notified all possible affected individuals and offered free credit protection services. To prevent a similar breach from occurring in the future, Mercer now stores backup tapes through a third party vendor who offers secure transport services. Mercer's Boise office now encrypts backup tapes. Trinity Health has not had a business relationship with Mercer for many years and Mercer currently does not store any original PHI belonging to Trinity Health. |
|
DC Chartered Health Plan, Inc. |
DC |
|
540 |
540 |
5/26/2010 |
Theft |
Laptop |
8/6/2010 |
5/26/2010 |
|
|
Montefiore Medical Center |
NY |
|
23753 |
23753 |
6/9/2010 |
Theft |
Computer |
8/6/2010 |
6/9/2010 |
|
|
Montefiore Medical Center |
NY |
|
16820 |
16820 |
5/22/2010 |
Theft |
Computer |
8/6/2010 |
5/22/2010 |
|
|
Thomas Jefferson University Hospitals, Inc. |
PA |
|
21000 |
21000 |
6/14/2010 |
Theft |
Laptop |
8/18/2010 |
6/14/2010 |
|
|
Beauty Dental, Inc. |
IL |
|
657 |
657 |
6/5/2010 |
Theft, Loss |
Paper |
8/18/2010 |
6/5/2010 |
Following the breach, the covered entity notified its clients by letter of the incident, submitted a press release that outlined the circumstances of the breach to the Chicago Tribune and the Chicago Sun Times, required the individual who allegedly stole the documents to return all physical patient PHI in her possession and sign a statement swearing that she no longer possessed any patient documents, would not use or disclose the PHI in any manner and would erase an Excel spreadsheet she had in her possession, installed a new security system for the office that requires the input of a code specific to each employee, and implemented new technical safeguards that limited employee access to ePHI according to the employee's position and rank. |
|
Wright State Physicians |
OH |
|
1309 |
1309 |
6/11/2010 |
Loss |
Laptop |
8/18/2010 |
6/11/2010 |
On June 11, 2010, a laptop computer containing PHI was mistakenly discarded in the trash. The laptop computer contained the protected health information of approximately 1,309 individuals. The protected health information involved in the breach included patient full names or first initial and last name, dates of service, and in some cases, a brief description of medical condition or care. Following the breach, the covered entity submitted evidence of its progress in implementing encryption on its laptop computers in its various departments. |
|
Fort Worth Allergy and Asthma Associates |
TX |
|
25000 |
25000 |
6/29/2010 |
Theft |
Network Server |
8/18/2010 |
6/29/2010 |
A burglary occurred on the CE's premises. Approximately 25,000 individuals were affected. The PHI included names, addresses, dates of birth, SSNs, driver license numbers, and diagnosis and conditions. Following the breach, the covered entity is using an ASP model for its management practices, with the database stored in an off-site location. Access to the database is allowed only through an encrypted, password-protected VPN. Also, physical security was improved. After the initiation of OCR's investigation, CE amended its BAA with its BA. |
|
Jewish Hospital |
KY |
|
2089 |
2089 |
7/16/2010 |
Theft |
Laptop |
8/18/2010 |
7/16/2010 |
|
|
Walsh Pharmacy |
MA |
McKesson Pharmacy Systems LLC |
11440 |
11440 |
6/3/2010 |
Loss |
Other Portable Electronic Device |
8/18/2010 |
6/3/2010 |
|
|
Carolina Center for Development and Rehabilitation |
NC |
|
1590 |
1590 |
6/24/2010 |
Loss |
Paper |
8/18/2010 |
6/24/2010 |
The covered entity inadvertently sent 23 boxes containing protected health information to a recycling center. These boxes contained the names, addresses, Social Security numbers, insurance identification numbers, clinical information, and credit/debit card numbers of 1,590 individuals. Following the breach, the covered entity reviewed its policies and procedures, suspended several employees, and set up credit monitoring for those individuals affected. As a result of OCR's investigation, the covered entity placed a record into its accounting of disclosure log for each member impacted, terminated the suspended employees, revised its policies and procedures, and retrained staff. |
|
Humana Inc. |
KY |
Matrix Imaging |
2631 |
2631 |
6/25/2010 |
Unauthorized Access/Disclosure |
Paper |
8/18/2010 |
6/25/2010 |
The covered entity's business associate, Matrix Imaging, which was contracted to send out coverage determination letters to Humana customers, sent the letters to incorrect addresses. Approximately 2,631 individuals were affected by the coverage determination letters being misrouted. Following the breach, the covered entity reprinted all erroneous coverage determination letters with an apology notice; implemented a process for the business associate to increase the timing for the quality assurance process to identify and suppress bad addresses; implemented additional manual quality controls and verification after the enveloping process with the business associate; and among other things, established an identification code printed on each letter that links the Member Address file to the actual printed letter. As a result of OCR's investigation, the covered entity placed a record into its accounting of disclosure records for each member impacted, and the accounting records for all 2,631 individuals have been updated to reflect the disclosures.
|
|
UNCG Speech and Hearing Center |
NC |
|
2300 |
2300 |
6/10/2010 |
Hacking/IT Incident |
Computer |
8/20/2010 |
6/10/2010 |
|
|
Loma Linda University School of Dentistry |
CA |
|
10100 |
10100 |
6/13/2010 |
Theft |
Computer |
8/20/2010 |
6/13/2010 |
|
|
Ward A. Morris, DDS |
WA |
|
2698 |
2698 |
7/16/2010 |
Theft |
Computer |
8/20/2010 |
7/16/2010 |
A computer server containing the electronic protected health information of 2,698 patients was stolen during an office burglary. The server was password-protected but not encrypted. The protected health information involved in the breach included names, addresses, dates of birth, social security numbers, and medical information. Following the breach, the covered entity encrypted all protected health information on workstations and servers. Additionally, OCR's investigation resulted in the covered entity improving their physical safeguards and retraining employees. |
|
Aultman Hospital |
OH |
|
13867 |
13867 |
6/7/2010 |
Theft |
Laptop |
8/20/2010 |
6/7/2010 |
|
|
Penn Treaty Network America Insurance Company |
PA |
|
560 |
560 |
6/4/2010 |
Unauthorized Access/Disclosure |
Other |
8/20/2010 |
6/4/2010 |
Social security numbers were inadvertently printed on the address labels in a newsletter mailing. The mailing had 560 recipients. The covered entity acted to mitigate the disclosure by verifying that all mail was correctly delivered. It also counseled the responsible employee and updated its policies and procedures. |
|
St. John's Mercy Medical Group |
MO |
|
1907 |
1907 |
6/6/2010 |
Improper Disposal |
Paper |
8/20/2010 |
6/6/2010 |
Covered entity improperly disposed of patients' Protected Health Information (PHI), by placing the PHI in a dumpster outside of a doctor's office. The PHI involved in the breach included demographic, financial, clinical, and other medical information. Following the breach, the covered entity notified all affected individuals of the breach, posted a notice about the incident on its website; attempted to retrieve and track all of the medical records that were inappropriately disposed of; offered all affected individuals identity theft protection; obtained a formal apology from and assumed direct office operations management of the physician involved; re-educated its workforce to reinforce policies relating to appropriate medical record protection and disposal requirements. |
|
Idaho Power Group Health Plan |
ID |
Mercer Health & Benefits |
5500 |
5500 |
3/29/2010 |
Loss |
Other |
8/20/2010 |
3/29/2010 |
Idaho Power Group Health Plan's business associate, Mercer Health and Benefits, lost a backup tape as it was being sent via FEDEX from Boise to Seattle. The backup tape contained information of about 375,000 individuals that Mercer serviced. The total affected at Idaho Power was about 5,500 current and former employees and their dependents. The protected health information involved included names, addresses, dates of birth, and social security numbers. Although Mercer concluded that the lost tape was configured so that even a sophisticated user would be unlikely to be able to access the data within, both Mercer and Idaho Power notified all possible affected individuals and offered free credit protection services. To prevent a similar breach from occurring in the future, Mercer now stores backup tapes through a third party vendor who offers secure transport services. Mercer's Boise office now encrypts backup tapes. Following the incident, Idaho Power renegotiated its contract with Mercer and continues to evaluate its business relationship with Mercer. |
|
Yale University |
CT |
|
1000 |
1000 |
7/28/2010 |
Theft |
Laptop |
8/20/2010 |
7/28/2010 |
|
|
Baylor College of Medicine/Texas Children's Hospital |
TX |
|
694 |
694 |
5/13/2010 |
Theft |
Laptop |
9/1/2010 |
5/13/2010 |
|
|
Cook County Health & Hospitals System |
IL |
|
7081 |
7081 |
5/30/2010 |
Theft |
Laptop |
9/1/2010 |
5/30/2010 |
An employee's laptop was stolen out of a locked office; evidence shows that the laptop was password protected but not encrypted. The laptop contained the protected health information (PHI) of approximately 7,000 individuals. The PHI stored on the laptop included names, dates of birth, Social Security numbers, internal encounter numbers, and other administrative codes. Following the breach, the covered entity notified those individuals reasonably believed to have been affected by the breach, placed notice on its website and with a local news center; established stringent computer security guidelines, and retrained its staff in the new requirements with the intention of preventing a similar event from occurring again. |
|
University of Kentucky |
KY |
|
2027 |
2027 |
6/18/2010 |
Theft |
Laptop |
9/1/2010 |
6/18/2010 |
|
|
Chattanooga Family Practice Associates, PC |
TN |
|
1711 |
1711 |
7/15/2010 |
Loss |
Other Portable Electronic Device |
9/1/2010 |
7/15/2010 |
|
|
Holyoke Medical Center |
MA |
|
24750 |
24750 |
7/26/2010 |
Improper Disposal |
Paper |
9/1/2010 |
7/26/2010 |
|
|
Eastmoreland Surgical Clinic |
OR |
|
4328 |
4328 |
7/5/2010 |
Theft |
Laptop, Computer, Other Portable Electronic Device |
9/1/2010 |
7/5/2010 |
Three computers, one laptop computer, and a backup drive, containing the electronic protected health information (EPHI) of 4,328 individuals, were stolen on July 5, 2010. The EPHI involved in the breach included names, addresses, phone numbers, dates of birth, Social Security numbers, reason for visits, and insurance information. Following the breach, the covered entity implemented backup and whole disk encryption on electronic information systems that maintain EPHI and improved their physical safeguards. Additionally, OCR's investigation resulted in the covered entity improving their administrative safeguards, such as password complexity requirements and data backup protocols. |
|
Saint Barnabas Medical Center |
NJ |
KPMG LLP |
3630 |
3630 |
5/10/2010 |
Loss |
Other Portable Electronic Device |
9/10/2010 |
5/10/2010 |
|
|
Newark Beth Israel Medical Center |
NJ |
KPMG LLP |
956 |
956 |
5/10/2010 |
Loss |
Other Portable Electronic Device |
9/10/2010 |
5/10/2010 |
|
|
NYU School of Medicine Aging and Dementia Clinical Research Center |
NY |
|
1200 |
1200 |
4/3/2010 |
Loss |
Other Portable Electronic Device |
9/10/2010 |
4/3/2010 |
|
|
SunBridge Healthcare Corporation |
NM |
|
1000 |
1000 |
6/26/2010 |
Theft |
Other Portable Electronic Device |
9/10/2010 |
6/26/2010 |
|
|
LabCorp Patient Service Center |
NV |
|
507 |
507 |
8/2/2010 |
Theft |
Paper |
9/20/2010 |
8/2/2010 |
|
|
The Kent Center |
RI |
|
1361 |
1361 |
7/13/2010 |
Theft |
Paper |
9/20/2010 |
7/13/2010 |
Following the breach, the covered entity notified all affected individuals, the media, and HHS of the breach. Additionally, the covered entity sanctioned the employee involved, revised its confidentiality policy related to safeguarding client lists, and re-trained its employees. Additionally, OCR's investigation resulted in the covered entity revising and updating its Breach Notification policies and reinforcing the requirements of the Privacy and Breach Rules to its employees. |
|
Mayo Clinic |
MN |
|
1740 |
1740 |
7/15/2010 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
9/20/2010 |
7/15/2010 |
Following the breach, the covered entity: conducted an investigation; terminated the employee who had inappropriately accessed the PHI; re-educated its employees regarding patient privacy and access to PHI; enhanced its supervision of employees and monitoring of their access activity; notified individuals reasonably believed to have been affected and provided them with an information hotline and identity theft services at no cost, if so requested; placed a notice of the breach on its website and in the local newspaper; and submitted a breach report to OCR along with documentation of its voluntary compliance actions. |
|
Curtis R. Bryan, MD |
VA |
|
2739 |
2739 |
7/12/2010 |
Theft |
Laptop |
9/20/2010 |
7/12/2010 |
|
|
State of Delaware Health Plan |
DE |
Aon Consulting |
22642 |
22642 |
8/16/2010 |
Unauthorized Access/Disclosure |
Network Server |
9/20/2010 |
8/16/2010 |
The business associate prepared a document as part of a request for proposal for the covered entity's vision benefit program which mistakenly included protected health information of 22,642 individuals. The document was posted online for five days. The protected health information involved in the breach included social security numbers, dates of birth, gender, zip codes, and vision plan enrollment information. In response to this incident, the covered entity implemented additional safeguards to prevent this type of impermissible disclosure of protected health information. In particular, the covered entity will now require several layers of review before allowing public disclosure of documents prepared by the business associate. The covered entity also took steps to enforce the requirements of its business associate agreement with Aon Consulting. Aon will provide affected individuals with free credit monitoring, fraud resolution resources, and identity theft insurance. Additionally, the business associate has provided assurances to the covered entity that it has taken steps to prevent this type of impermissible disclosure in the future. |
|
Pediatric and Adult Allergy, PC |
IA |
|
19222 |
19222 |
7/11/2010 |
Loss |
Other Portable Electronic Device |
9/20/2010 |
7/11/2010 |
|
|
University of Rochester Medical Center and Affiliates |
NY |
|
857 |
857 |
8/2/2010 |
Loss |
Other Portable Electronic Device |
9/21/2010 |
8/2/2010 |
|
|
Ault Chiropractic Center |
IN |
|
2000 |
2000 |
9/15/2010 |
Theft |
Laptop, Computer |
9/21/2010 |
9/15/2010 |
|
|
Matthew H. Conrad, MD, PA |
KS |
|
1200 |
1200 |
8/20/2010 |
Theft |
Laptop, Paper |
10/1/2010 |
8/20/2010 |
|
|
Milford Regional Medical Center |
MA |
|
19750 |
19750 |
7/26/2010 |
Improper Disposal |
Paper |
10/1/2010 |
7/26/2010 |
|
|
St. James Hospital and Health Centers |
IL |
|
967 |
967 |
8/10/2010 |
Improper Disposal |
Paper |
10/1/2010 |
8/10/2010 |
|
|
St. Vincent Hospital and Health Care Center, Inc. |
IN |
|
1199 |
1199 |
7/25/2010 |
Theft |
Laptop |
10/1/2010 |
7/25/2010 |
|
|
University of Oklahoma-Tulsa, Neurology Clinic |
OK |
|
19264 |
19264 |
7/25/2010 |
Hacking/IT Incident |
Computer |
10/1/2010 |
7/25/2010 |
|
|
County of Los Angeles |
CA |
|
33000 |
33000 |
7/29/2010 |
Theft |
Paper |
10/1/2010 |
7/29/2010 |
|
|
Counseling and Psychotherapy of Throggs Neck |
NY |
|
9000 |
9000 |
9/6/2010 |
Theft |
Computer |
10/1/2010 |
9/6/2010 |
|
|
New York Presbyterian Hospital and Columbia University Medical Center |
NY |
|
6800 |
6800 |
7/1/2010 |
Hacking/IT Incident |
Network Server |
10/1/2010 |
7/1/2010 |
|
|
State of Alaska, Department of Health and Social Services |
AK |
Alaskan AIDS Assistance Association |
2000 |
2000 |
9/7/2010 |
Theft |
Other Portable Electronic Device |
10/1/2010 |
9/7/2010 |
|
|
Milton Pathology Associates, P.C. |
MA |
Goldthwait Associates |
11000 |
11000 |
7/26/2010 |
Improper Disposal |
Paper |
10/5/2010 |
7/26/2010 |
|
|
Lorenzo Brown, MD, Inc. |
CA |
|
928 |
928 |
8/17/2010 |
Theft |
Computer |
10/7/2010 |
8/17/2010 |
|
|
Wright Patterson Air Force Base |
OH |
|
2123 |
2123 |
7/29/2010 |
Improper Disposal |
Paper |
10/7/2010 |
7/29/2010 |
|
|
UnitedHealth Group--SACE |
MN |
CareCore National |
1270 |
1270 |
7/8/2010 |
Unauthorized Access/Disclosure |
Paper |
10/7/2010 |
7/8/2010 |
|
|
Alliance HealthCare Services, Inc. |
CA |
Eden Medical Center |
1474 |
1474 |
8/5/2010 |
Loss |
Other Portable Electronic Device |
10/7/2010 |
8/5/2010 |
Two USB storage devices containing ePHI of 1,474 individuals were lost. The USB storage devices contained 1,474 individuals' ePHI. The ePHI included first and last name, date of birth, and treatment information. As a result of the breach, the covered entity's email will now be password protected and encrypted. As a result of the loss, the CE has initiated an encryption project to encrypt external hard drives and related media. Additionally, the CE filed a police report, changed policies and procedures, and encrypted USB devices.
|
|
Alliance HealthCare Services, Inc. |
CA |
Oroville Hospital |
1469 |
1469 |
7/31/2010 |
Loss |
Other Portable Electronic Device |
10/7/2010 |
7/31/2010 |
Two USB storage devices containing ePHI of 1,469 individuals were lost. The ePHI included first and last name, date of birth, and treatment information. As a result of the breach, the covered entity's email will now be password protected and encrypted. As a result of the loss, the CE has initiated an encryption project to encrypt external hard drives and related media. Additionally, the CE filed a police report, changed policies and procedures, and encrypted USB devices. |
|
Utah Department of Health |
UT |
Utah Department of Workforce Services |
1298 |
1298 |
3/1/2010 |
Unauthorized Access/Disclosure |
Computer, Paper |
10/18/2010 |
3/1/2010 |
|
|
Cumberland Gastroenterology, P.S.C. |
KY |
|
2207 |
2207 |
9/18/2010 |
Theft |
Paper |
10/18/2010 |
9/18/2010 |
Following the breach, the covered entity took the following voluntary action: the local police department was contacted and a police report was filed; inventory was taken and reports were generated to get an accounting of patients who were affected by the storage break-in and the subsequent missing reports; individual notices to the affected individuals were sent; a press release was issued to the media; the entity implemented more physical security; and implemented action policy to expedite conversion to electronic medical records. As a result of OCR's investigation, Cumberland Gastroenterology, P.S.C. reported taking the following additional steps: the covered entity now contracts with a shredding company to shred all documents containing PHI, and it has a valid Business Associate contract in place with this shredding company; the entity provided further written assurance that it is working with its current software provider to expedite transition to their Intergy Electronic Health Record; the entity provided further written assurance that it re-educated its workforce members on the revised policies and procedures with respect to storage and handling of PHI; and the entity placed an accounting of disclosures of protected health information in each of the affected individuals' medical records. |
|
LoneStar Audiology Group |
TX |
|
585 |
585 |
8/11/2010 |
Theft |
Laptop |
10/18/2010 |
8/11/2010 |
A laptop was stolen from a workforce member's home. Approximately 585 individuals were affected. The PHI included addresses, dates of birth, diagnosis and conditions, medications and other treatment information. Following the breach, the covered entity encrypted all its laptops. After the initiation of OCR's investigation, the encryption of the laptops was completed. |
|
WESTMED Medical Group |
NY |
|
578 |
578 |
8/17/2010 |
Theft |
Laptop |
10/18/2010 |
8/17/2010 |
|
|
Johns Hopkins University Applied Physics Laboratory Medical and Dental Insurance Plan |
MD |
|
692 |
692 |
6/15/2010 |
Unauthorized Access/Disclosure |
Email |
10/19/2010 |
6/15/2010 |
Protected health information was attached to an email addressed to 85 employees by a benefits staff member. Within 5 days, all recipients were notified, and the email was deleted. Approximately 692 individuals were affected by this breach. The email included names, dates of birth, social security numbers, and marital and disability status. To prevent a similar breach from happening in the future, the covered entity instituted a policy to encrypt emails containing protected health information before they are sent out from the benefits department. Following OCR's investigation, the covered entity updated its policies and procedures, establishing a new business process to require that all emails sent by the benefits office to 5 or more staff members that include an attachment be reviewed by another team member to ensure the proper document is attached, and took personnel action with the responsible employee. Further, the benefits office will use an encryption specialist to train all benefits office staff in the proper methods of encryption, explore future capability of automated flagging of any electronic communications sent by benefits office staff containing potentially sensitive data such as 9-digit numbers, and obtain additional HIPAA training. |
|
SW Seattle Orthopaedic and Sports Medicine |
WA |
|
9493 |
9493 |
9/4/2010 |
Hacking/IT Incident |
Network Server |
10/28/2010 |
9/4/2010 |
A database web server, containing the electronic protected health information (EPHI) of 9,493 individuals, was breached by an unknown, external person(s) for use as a game server. Although there was no indication of access to EPHI, the EPHI on the database web server included names, dates of birth, types of x-rays, and dates of x-rays. Following the breach, the covered entity relocated two servers to its more secure primary data center and removed the Internet access line that resulted in the breach. Additionally, OCR's investigation resulted in the covered entity improving their administrative safeguards, such as incident response and reporting. |
|
University of Arkansas for Medical Sciences |
AR |
|
1000 |
1000 |
10/12/2010 |
Theft |
Other Portable Electronic Device |
10/28/2010 |
10/12/2010 |
|
|
Keystone/AmeriHealth Mercy Health Plans |
PA |
|
808 |
808 |
9/20/2010 |
Loss |
Other Portable Electronic Device |
10/28/2010 |
9/20/2010 |
|
|
Debra C. Duffy, DDS |
TX |
|
4700 |
4700 |
8/5/2010 |
Theft |
Laptop, Network Server |
11/10/2010 |
8/5/2010 |
An unencrypted laptop and network server were stolen during a burglary of the office. The breach affected approximately 4700 individuals. The protected health information involved in the breach included treatment information for pediatric dental patients and social security numbers, insurance identification numbers and driver's license numbers. Following the discovery of the breach, the CE relocated the practice servers, secured the laptops and installed steel doors at the front entrance of the facility. Additionally, the CE notified the affected individuals and local media and retrained staff. |
|
Northridge Hospital Medical Center |
CA |
|
837 |
837 |
10/16/2010 |
Loss |
Paper |
11/10/2010 |
10/16/2010 |
The entity mailed documents containing protected health information via Fed Ex and was later informed that the documents did not arrive at the desired destination. The entity conducted an investigation to determine the root cause of the breach; provided OCR with evidence that it had made significant efforts to contact the individuals reasonably believed to have been affected by the breach; and submitted its privacy procedures relevant to this investigation. The entity also took assertive action to prevent a future recurrence by modifying its standard procedures that require paper record submission and instead to accept a secure electronic transmission of all future documents containing PHI. Now all such records are sent only via secure electronic delivery. |
|
Aetna, Inc. |
CT |
|
2345 |
2345 |
9/9/2010 |
Unauthorized Access/Disclosure |
Network Server |
11/10/2010 |
9/9/2010 |
Aetna notified all possibly affected individuals of the breach, filed a breach report with OCR, commenced an investigation to identify and correct the root cause of the issue; the coding changes that were causing the breach were removed from IPS via Aetna's emergency Change Management procedures to prevent any further exposure while the problem was analyzed; once the specific code that conflicted with its proxy server settings was identified as the root cause of the breach, it was removed. Also, in an effort to mitigate any harm as a result of the breach, Aetna offered all affected individuals one year of free credit monitoring, and the notification letters included a toll-free number which was established specifically to answer questions related to this incident. |
|
Manor Care of Indy (South), LLC |
IN |
|
845 |
845 |
9/11/2010 |
Unauthorized Access/Disclosure |
Paper |
11/19/2010 |
9/11/2010 |
|
|
Sta-Home Health & Hospice |
MS |
|
1104 |
1104 |
9/16/2010 |
Theft |
Computer |
11/19/2010 |
9/16/2010 |
|
|
VNA of Southeastern CT |
CT |
|
12000 |
12000 |
9/30/2010 |
Theft |
Laptop |
11/19/2010 |
9/30/2010 |
|
|
Henry Ford Hospital |
MI |
|
3700 |
3700 |
9/24/2010 |
Theft |
Laptop |
11/19/2010 |
9/24/2010 |
|
|
Puerto Rico Department of Health |
PR |
Triple-S Management, Corp.; Triple-S Salud, Inc. |
400000 |
400000 |
9/21/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
11/19/2010 |
9/21/2010 |
|
|
Prime Home Care, LLC |
NE |
|
1716 |
1716 |
9/13/2010 |
Theft |
Computer |
12/2/2010 |
9/13/2010 |
|
|
Robert Wheatley, DDS, PC |
MO |
|
1400 |
1400 |
10/17/2010 |
Theft |
Laptop |
12/2/2010 |
10/17/2010 |
|
|
Puerto Rico Department of Health |
PR |
Medical Card System/MCS-HMO/MCS Advantage/MCS Life |
115000 |
115000 |
9/3/2010 |
Unauthorized Access/Disclosure |
Other Portable Electronic Device |
12/2/2010 |
9/3/2010 |
|
|
Holy Cross Hospital |
FL |
|
1500 |
1500 |
7/27/2010 |
Theft |
Paper |
12/2/2010 |
7/27/2010 |
|
|
Memorial Hospital of Gardena |
CA |
|
771 |
771 |
10/14/2010 |
Unauthorized Access/Disclosure |
Paper |
12/10/2010 |
10/14/2010 |
|
|
Albert Einstein Healthcare Network |
PA |
|
613 |
613 |
10/21/2010 |
Theft |
Computer |
12/10/2010 |
10/21/2010 |
|
|
Oklahoma City VA Medical Center |
OK |
|
1950 |
1950 |
10/8/2010 |
Theft, Loss, Improper Disposal |
Paper |
12/10/2010 |
10/8/2010 |
|
|
Kings County Hospital Center |
NY |
|
542 |
542 |
8/22/2010 |
Theft |
Computer |
12/10/2010 |
8/22/2010 |
|
|
Triple-S Salud, Inc. |
PR |
Triple-C, Inc. |
8000 |
8000 |
10/3/2010 |
Theft, Unauthorized Access/Disclosure |
Network Server |
12/10/2010 |
10/3/2010 |
|
|
Triple-S Salud, Inc. |
PR |
Triple-C, Inc. |
398000 |
398000 |
9/9/2010 |
Theft |
Network Server |
12/10/2010 |
9/9/2010 |
|
|
Newark Beth Israel Medical Center |
NJ |
Professional Transcription Company, Inc. |
1744 |
1744 |
1/1/2010 |
Unauthorized Access/Disclosure |
Network Server |
12/10/2010 |
1/1/2010 |
|
|
University of Tennessee Medical Center |
TN |
|
8200 |
8200 |
9/23/2009 |
Improper Disposal |
Paper |
12/10/2010 |
9/23/2009 |
Following the breach, UTMC placed a shredding container in its Computer Services department to dispose of all paper documents with patient sensitive information. As a result of OCR's investigation, UTMC reported taking the following corrective actions: UTMC provided OCR with a copy of its "Risk of Harm" analysis, which documented UTMC's steps in determining whether a breach in unsecured PHI occurred as reported in its breach report; it provided OCR with a copy of its sanctions policy, and a description of the sanctions imposed against the Computer Services Operation Center Supervisor, which included a cited violation of "failure to monitor work activity in area and appropriately supervise employees to ensure proper disposal of report containing PHI," and the sanctions imposed were a written reprimand in the workforce member's personnel file, and suspension for three (3) days without pay (OCR notes that UTMC applied the appropriate sanctions for this type of offense and/or violation); and UTMC implemented a corrective action plan to prevent future occurrences of the same nature. |
|
Ochsner Health System |
LA |
H.E.L.P. Financial Corporation |
9475 |
9475 |
9/27/2010 |
Unauthorized Access/Disclosure |
Paper |
12/10/2010 |
9/27/2010 |
A programming error in a business associate's IT system caused the PHI of patients to be printed on letters sent to other patients. The printing error affected approximately 9475 individuals. The protected health information involved in the breach included patient names, medical record numbers and account balances. Following the discovery of the breach, the BA corrected the programming error and implemented additional quality checks. Additionally, the BA notified the affected individuals and the CE notified the local media. |
|
Mountain Vista Medical Center |
AZ |
|
2284 |
2284 |
10/13/2010 |
Loss |
Other Portable Electronic Device |
12/22/2010 |
10/13/2010 |
|
|
Zarzamora Family Dental Care |
TX |
|
800 |
800 |
10/15/2010 |
Theft |
Computer |
12/22/2010 |
10/15/2010 |
|
|
Hospital Auxilio Mutuo |
PR |
|
1000 |
1000 |
11/9/2010 |
Theft, Unauthorized Access/Disclosure, Hacking/IT Incident |
Laptop, Computer |
12/22/2010 |
11/9/2010 |
|
|
Cook County Health & Hospitals System |
IL |
|
556 |
556 |
11/1/2010 |
Theft |
Computer |
12/22/2010 |
11/1/2010 |
|
|
Dean Health Systems, Inc.; St. Mary's Hospital; St. Mary's Dean Ventures, Inc. |
WI |
|
3288 |
3288 |
11/8/2010 |
Theft |
Laptop |
12/22/2010 |
11/8/2010 |
|
|
Pinnacle Health System |
PA |
Gair Medical Transcription Services, Inc. |
1085 |
1085 |
9/23/2009 |
Unauthorized Access/Disclosure |
Network Server |
1/4/2011 |
9/23/2009 |
Pinnacle Health Systems was notified that a business associate, a medical transcription service, had a server compromised in which reports of Pinnacle patients could be viewed online. The server compromise involved the protected health information of 1085 individuals. The protected health information involved in the breach included names, Medicaid ID numbers, dates of birth, and primary physicians. In response to this incident, the covered entity took steps to enforce the requirements of the Privacy & Security Rules. The covered entity immediately discontinued its relationship with the business associate and engaged another medical transcription service. The covered entity also contracted with forensic consultants to ensure that the cause of the compromise was found and that all traces of breached medical reports were removed from online and made inaccessible in the future. |
|
Gary C. Spinks, DMD, PC |
MD |
|
1000 |
1000 |
9/29/2010 |
Hacking/IT Incident |
Computer, Network Server |
1/4/2011 |
9/29/2010 |
|
|
Riverside Mercy Hospital and Ohio/Mercy Diagnostics |
OH |
|
1000 |
1000 |
11/15/2010 |
Improper Disposal |
Paper |
1/4/2011 |
11/15/2010 |
|
|
California Therapy Solutions |
CA |
|
1226 |
1226 |
11/15/2010 |
Theft |
Other Portable Electronic Device |
|
11/15/2010 |
|
|
Blue Cross Blue Shield Michigan |
MI |
Agent Benefits Corporation |
2979 |
2979 |
11/17/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
|
11/17/2010 |
|
|
Indiana Family and Social Services |
IN |
The Southwestern Indiana Regional Council on Aging |
757 |
757 |
11/9/2010 |
Theft |
Laptop |
|
11/9/2010 |
|
|
OhioHealth Corporation dba Grant Medical Center |
OH |
|
501 |
501 |
11/5/2010 |
Theft |
Laptop, Computer |
|
11/5/2010 |
|
|
Osceola Medical Center |
WI |
Hils Transcription |
500 |
500 |
11/25/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
|
11/25/2010 |
|
|
Mankato Clinic |
MN |
|
3159 |
3159 |
11/2/2010 |
Theft |
Laptop |
|
11/2/2010 |
|
|
International Union of Operating Engineers Health and Welfare Fund |
MD |
Zenith Administrators, Inc. |
800 |
800 |
11/3/2010 |
Theft |
Paper |
|
11/3/2010 |
|
|
Geisinger Wyoming Valley Medical Center |
PA |
|
2928 |
2928 |
11/6/2010 |
Unauthorized Access/Disclosure |
Email |
|
11/6/2010 |
|
|
Centra |
VA |
|
11982 |
11982 |
11/12/2010 |
Theft |
Laptop |
|
11/12/2010 |
|
|
Kadlec Regional Medical Center |
WA |
|
834 |
834 |
11/11/2010 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
|
11/11/2010 |
|
|
Ankle & Foot Center of Tampa Bay, Inc. |
FL |
|
156000 |
156000 |
11/10/2010 |
Hacking/IT Incident |
Network Server |
|
11/10/2010 |
|
|
Southern Perioperative Services, P.C. |
AL |
|
2000 |
2000 |
11/17/2010 |
Theft |
Other Portable Electronic Device |
|
11/17/2010 |
|
|
Friendship Center Dental Office |
FL |
|
2200 |
2200 |
12/20/2010 |
Theft |
Laptop |
|
12/20/2010 |
|
|
Texas Health Harris Methodist Hospital Azle |
TX |
|
9922 |
9922 |
4/22/2010 |
Theft, Loss |
Other Portable Electronic Device |
|
4/22/2010 |
|
|
Seacoast Radiology, PA |
NH |
|
231400 |
231400 |
11/12/2010 |
Hacking/IT Incident |
Network Server |
|
11/12/2010 |
|
|
Franciscan Medical Group |
WA |
|
1250 |
1250 |
11/18/2010 |
Theft |
Computer |
|
11/18/2010 |
|
|
St. Vincent Hospital - Indianapolis |
IN |
|
1848 |
1848 |
11/15/2010 |
Hacking/IT Incident |
Network Server/Email |
|
11/15/2010 |
|
|
Benefit Resources, Inc. |
SC |
|
16200 |
16200 |
11/22/2010 |
Loss |
Other Portable Electronic Device |
|
11/22/2010 |
|
|
Baylor Heart and Vascular Center |
TX |
|
8241 |
8241 |
12/2/2010 |
Theft |
Other Portable Electronic Device |
|
12/2/2010 |
|
|
Grays Harbor Pediatrics, PLLC |
WA |
|
12594 |
12594 |
11/23/2010 |
Theft |
Other Portable Electronic Device |
|
11/23/2010 |
|
|
Baptist Memorial Hospital - Huntingdon |
TN |
|
4800 |
4800 |
11/27/2010 |
Loss |
Other |
|
11/27/2010 |
|
|
State of South Carolina Budget and Control Board Employee Insurance Program (EIP) |
SC |
|
5596 |
5596 |
11/18/2010 |
Hacking/IT Incident |
Computer |
|
11/18/2010 |
|
|
Hanger Prosthetics & Orthotics, Inc. |
TX |
|
4486 |
4486 |
11/24/2010 |
Theft |
Laptop |
|
11/24/2010 |
An unencrypted laptop was stolen from an employee offsite. The laptop contained the PHI of 4,486 patients. The protected health information involved in the breach contained names, addresses and procedure codes. Following the breach, the CE filed a police report, notified affected patients and notified the media. Following the discovery of the breach, the covered entity encrypted all existing laptops and implemented a policy requiring all future purchased laptops to be encrypted prior to being issued for use. |
|
Lake Woods Nursing and Rehabilitation Center |
MI |
|
656 |
656 |
12/28/2010 |
Theft |
Laptop, Computer |
|
12/28/2010 |
|
|
New York City Health & Hospitals Corporation's North Bronx Healthcare Network |
NY |
GRM Information Management Systems |
1700000 |
1700000 |
12/23/2010 |
Theft |
Electronic Medical Record, Other |
|
12/23/2010 |
|
|
University of Nebraska Medical Center |
NE |
|
611 |
611 |
11/22/2010 |
Theft |
Computer |
|
11/22/2010 |
|
|
Saint Louis University |
MO |
|
800 |
800 |
12/11/2010 |
Hacking/IT Incident |
Computer |
|
12/11/2010 |
|
|
CHC Memphis CMHC, LLC |
TN |
|
900 |
900 |
12/4/2010 |
Theft |
Computer |
|
12/4/2010 |
|
|
Green River District Health Department |
KY |
Intragenetics |
18,871 |
18871 |
1/12/2011 |
Hacking/IT Incident |
Network Server |
|
1/12/2011 |
|
|
Cancer Care Northwest P.S. |
WA |
|
3100 |
3100 |
1/7/2011 |
Loss |
Paper |
|
1/7/2011 |
|
|
Ortho Montana, PSC |
MT |
|
37000 |
37000 |
12/17/2010 |
Theft/Loss |
Laptop |
|
12/17/2010 |
|
|
Long Beach Memorial Medical Center |
CA |
|
2250 |
2250 |
12/10/2010 |
Unauthorized Access/Disclosure |
Other |
|
12/10/2010 |
|
|
Jefferson Center for Mental Health |
CO |
|
546 |
546 |
12/13/2010 |
Theft |
Paper |
|
12/13/2010 |
|
|
Health Net, Inc. |
CA |
IBM |
1900000 |
1900000 |
1/21/2011 |
Unknown |
Other |
|
1/21/2011 |
|
|
Clarksburg--Louis A. Johnson VA Medical Center |
WV |
|
1470 |
1470 |
10/26/2010 |
Unauthorized Access/Disclosure |
Paper |
|
10/26/2010 |
An employee of the VA left a file containing the protected health information of 1,470 patients in a government-owned vehicle. The information included appointment sheets listing names, social security numbers and medical information specific to the upcoming appointment. The employee received disciplinary action, and staff received retraining in policies and procedures for safeguarding PHI. |
|
University Health Services, University of Massachusetts, Amherst |
MA |
|
942 |
942 |
9/29/2010 |
Unauthorized Access/Disclosure |
Computer |
|
9/29/2010 |
|
|
University of Missouri Health Plan |
MO |
Coventry Health Care, Inc. |
765 |
765 |
1/10/2011 |
Unauthorized Access/Disclosure |
Paper |
|
1/10/2011 |
|
|
Puerto Rico Department of Health |
PR |
|
2621 |
2621 |
3/14/2010 |
Unknown |
Computer |
|
3/14/2010 |
|
|
Henry Ford Hospital |
MI |
|
2777 |
2777 |
1/31/2011 |
Loss |
Other Portable Electronic Device |
|
1/31/2011 |
|
|
Charleston Area Medical Center, Inc |
WV |
Xforia Web Services |
3655 |
3655 |
2/8/2011 |
Unauthorized Access/Disclosure |
Network Server |
|
2/8/2011 |
|
|
JEFFREY J. SMITH, MD |
OK |
|
600 |
600 |
11/24/2010 |
Loss |
Computer/Other Portable Electronic Device |
|
11/24/2010 |
|
|
Texas Health Arlington Memorial Hospital |
TX |
|
654 |
654 |
12/23/2010 |
Unknown |
Electronic Medical Record |
|
12/23/2010 |
The IT department turned on the switch to a BA HIE without notifying patients of the exchange or obtaining authorization. The interface transmitted the PHI of 654 individuals. The PHI disclosed included patient names, addresses, dates of birth, social security numbers, other identifiers, diagnosis/conditions, medications, lab results, other treatment information and financial information. Following the breach, the CE revised the IT process, created a checklist that included notifying the affected departments and provided additional training to IT and registration employees. |
|
Blue Cross and Blue Shield of Florida |
FL |
|
7366 |
7366 |
10/16/2010 |
Unauthorized Access/Disclosure |
Paper |
|
10/16/2010 |
|
|
Central Brooklyn Medical Group, PC/Preferred Health Partners |
NY |
|
500 |
500 |
8/3/2010 |
Theft |
Paper |
|
8/3/2010 |
|
|
Eisenhower Medical Center |
CA |
|
514330 |
514330 |
3/11/2011 |
Theft |
Computer |
|
3/11/2011 |
|
|
Omnicare, Inc. |
KY |
|
8845 |
8845 |
1/19/2011 |
Theft |
Laptop |
|
1/19/2011 |
|
|
County of Los Angeles |
CA |
|
667 |
667 |
2/23/2011 |
Theft |
Laptop |
|
2/23/2011 |
|
|
Brian J Daniels D.D.S.,Paul R Daniels D.D.S. |
AZ |
|
10000 |
10000 |
3/1/2011 |
Theft |
Other Portable Electronic Device |
|
3/1/2011 |
|
|
MidState Medical Center |
CT |
|
93500 |
93500 |
2/14/2011 |
Loss |
Other |
|
2/14/2011 |
|
|
Catholic Social Services |
AK |
Trisha Elaine Cordova |
1700 |
1700 |
2/1/2011 |
Theft |
Laptop |
|
2/1/2011 |
A personal laptop computer was stolen from a contractor's vehicle. The laptop computer contained approximately 493 adoption home studies/ the protected health information of 1700 individuals. The protected health information involved in the breach included names, addresses, phone numbers, dates of birth, driver's license numbers, and health information; 20% of the files contained social security numbers. The covered entity did not have a business associate contract with the contractor at the time of the breach. OCR's investigation resulted in the covered entity developing policies and procedures for obtaining business associate contracts when required by the Privacy Rule and verifying that the contractor involved was not an independent covered entity. |
|
Rape & Brooks Orthodontics, P.C. |
AL |
|
20744 |
20744 |
2/3/2011 |
Theft |
Computer/Network Server/Other Portable Electronic Device |
|
2/3/2011 |
|
|
NYU School of Medicine Faculty Group Practice |
NY |
|
670 |
670 |
1/27/2011 |
Theft |
Computer |
|
1/27/2011 |
|
|
Park Avenue Obstetrics & Gynecology, PC |
AZ |
|
635 |
635 |
3/25/2011 |
Theft |
Other Portable Electronic Device |
|
3/25/2011 |
|
|
SW General Inc. |
AZ |
|
566 |
566 |
2/16/2011 |
Theft |
Paper |
|
2/16/2011 |
|
|
Union Security Insurance Company |
MO |
|
935 |
935 |
2/18/2011 |
Unauthorized Access/Disclosure |
Other |
|
2/18/2011 |
|
|
Aiken Community Based Outpatient Clinic |
SC |
|
2717 |
2717 |
2/16/2011 |
Improper Disposal |
Paper |
|
2/16/2011 |
|
|
Community Action Partnership of Natrona County |
WY |
|
15000 |
15000 |
2/23/2011 |
Hacking/IT Incident |
Computer |
|
2/23/2011 |
|
|
TRICARE Management Activity |
CO |
|
4500 |
4500 |
6/25/2010 |
Unauthorized Access/Disclosure |
Paper |
|
6/25/2010 |
|
|
Reid Hospital & Health Care Services |
IN |
|
22001 |
22001 |
4/2/2011 |
Theft |
Laptop |
|
4/2/2011 |
|
|
Drs. Edalji & Komer |
MA |
|
563 |
563 |
4/12/2011 |
Theft |
Laptop |
|
4/12/2011 |
|
|
Methodist Charlton Medical Center |
TX |
|
1500 |
1500 |
4/16/2011 |
Theft |
Laptop |
|
4/16/2011 |
An unencrypted laptop was stolen from a locked office in the hospital. The laptop contained the PHI of 1523 patients. The protected health information involved in the breach contained demographic and clinical data. Following the breach, the CE filed a police report, notified affected patients and notified the media. Additionally, the CE expanded its encryption policy to include more laptops and implemented additional physical safeguards. |
|
Keith & Fisher, DDS, PA |
NC |
|
6000 |
6000 |
2/16/2011 |
Hacking/IT Incident |
Network Server |
|
2/16/2011 |
|
|
Indiana Regional Medical Center |
PA |
|
1388 |
1388 |
9/28/2010 |
Theft |
Paper |
|
9/28/2010 |
|
|
MMM Healthcare, Inc. |
PR |
|
29,143 |
29143 |
3/8/2011 |
Theft |
Computer |
|
3/8/2011 |
|
|
PMC Medicare Choice |
PR |
|
22,568 |
22568 |
3/8/2011 |
Theft |
Computer |
|
3/8/2011 |
|
|
Union Security Insurance Company |
MO |
|
850 |
850 |
3/24/2011 |
Unauthorized Access/Disclosure |
Other |
|
3/24/2011 |
|
|
New York State Department of Health |
NY |
St. Mary's Hospital for Children |
550 |
550 |
4/17/2011 |
Theft |
Paper |
|
4/17/2011 |
|
|
Imaging Center of Garland |
TX |
|
1031 |
1031 |
3/15/2011 |
Improper Disposal |
Other (X-ray films) |
|
3/15/2011 |
|
|
Center for Arthritis and Rheumatic Diseases |
FL |
|
8000 |
8000 |
2/25/2011 |
Theft |
Paper |
|
2/25/2011 |
|
|
Robert B. Neves, M.D., Inc. |
CA |
|
611 |
611 |
5/8/2011 |
Theft |
Laptop |
|
5/8/2011 |
|
|
Robert B. Miller, MD |
CA |
|
620 |
620 |
4/1/2011 |
Theft |
Laptop |
|
4/1/2011 |
|
|
VA Caribbean Healthcare System |
PR |
|
6006 |
6006 |
3/30/2011 |
Improper Disposal |
Paper |
|
3/30/2011 |
|
|
Medicare Fee-for-Service Program |
MD |
Cahaba Government Benefit Administrators, LLC |
13,412 |
13412 |
4/11/2011 |
Unauthorized Access/Disclosure |
Paper |
|
4/11/2011 |
|
|
Spartanburg Regional Healthcare System |
SC |
|
400,000 |
400000 |
3/28/2011 |
Theft |
Computer |
|
3/28/2011 |
|
|
Tuba City Regional Health Care Corporation |
AZ |
|
2,000 |
2000 |
4/1/2011 |
Loss/Improper Disposal |
Paper |
|
4/1/2011 |
|
|
Navos |
WA |
|
2,700 |
2700 |
3/15/2011 |
Unknown |
Paper |
|
3/15/2011 |
|
|
New River Health Association |
WV |
|
950 |
950 |
4/1/2011 |
Unauthorized Access/Disclosure |
Paper |
|
4/1/2011 |
|
|
Foothills Nephrology, PC |
SC |
|
1,280 |
1280 |
4/28/2011 |
Theft |
Other Portable Electronic Device |
|
4/28/2011 |
|
|
Silverpop Systems, Inc. Health and Welfare Plan |
GA |
|
884 |
884 |
4/15/2011 |
Theft |
Laptop |
|
4/15/2011 |
|
|
Gene S. J. Liaw, MD. PS |
WA |
|
1,105 |
1105 |
4/4/2011 |
Loss |
Other Portable Electronic Device |
|
4/4/2011 |
An unencrypted USB drive used to store patient information could not be found in the office. The device contained data for 1,105 patients, including names, addresses, phone numbers, dates of birth, diagnosis codes, insurance information, and Social Security numbers. To prevent such a loss in the future, the entity replaced the missing drive with encryption-capable USB drives; put in place secure, locked storage facilities for its mobile devices; implemented policies preventing removal of such devices from the office; and provided individual notice to each of the affected patients. |
|
HealthCare Partners |
CA |
|
15,677 |
15677 |
4/17/2011 |
Theft |
Computers |
|
4/17/2011 |
|
|
Sutter Gould Medical Foundation (SGMF) |
CA |
Fidelity National Technology Imaging (FNTI) |
1,192 |
1192 |
5/23/2011 |
Loss |
Paper |
|
5/23/2011 |
|
|
University of Missouri Health Care |
MO |
|
1,288 |
1288 |
6/14/2011 |
Unknown |
Paper |
|
6/14/2011 |
|
|
Blue Cross and Blue Shield of Florida |
FL |
|
3,463 |
3463 |
4/11/2011 |
Unauthorized Access/Disclosure |
Paper |
|
4/11/2011 |
|
|
Accendo |
AZ |
|
175,350 |
175350 |
1/1/2011 |
Unauthorized Access/Disclosure |
Paper |
|
1/1/2011 |
|
|
Health Plan of San Mateo |
CA |
|
694 |
694 |
4/25/2011 |
Unauthorized Access/Disclosure |
Paper |
|
4/25/2011 |
|
|
Ohio Health Plans |
OH |
Area Agency on Aging, Ohio District 5 |
78,042 |
78042 |
6/3/2011 |
Theft |
Laptop |
|
6/3/2011 |
|
|
The Mount Sinai Hospital |
NY |
|
712 |
712 |
6/7/2011 |
Theft |
Laptop |
|
6/7/2011 |
|
|
Beth Israel Deaconess Medical Center |
MA |
|
2,021 |
2021 |
4/17/2011 |
Hacking/IT Incident |
Network Server |
|
4/17/2011 |
|
|
Jackson Health System |
FL |
|
1,562 |
1562 |
10/1/2009 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
|
10/1/2009 |
|
|
Troy Regional Medical Center |
AL |
|
880 |
880 |
3/22/2011 |
Unauthorized Access/Disclosure |
Paper |
|
3/22/2011 |
|
|
Austin Center for Therapy and Assessment, LLC |
TX |
|
1,870 |
1870 |
7/8/2011 |
Theft |
Laptop |
|
7/8/2011 |
|
|
DeKalb Medical Center, Inc. d/b/a DeKalb Medical Hillandale |
GA |
|
7,500 |
7500 |
7/11/2010 |
Theft |
Paper |
|
7/11/2010 |
|
|
Anderson Air Force Base Guam |
VA |
|
700 |
700 |
5/13/2011 |
Improper Disposal |
Paper |
|
5/13/2011 |
The protected health information for 700 individuals was mistakenly disposed of in a recycle bin and subsequently bundled and shredded. The information included patients' medical history, immunization records and appointment schedules. Despite evidence that there was no risk of disclosure, the covered entity notified all affected individuals. All staff received retraining on safeguards of PHI and proper disposal of PHI.
|
|
Molina Medicare |
CA |
RxAmerica |
4,573 |
4573 |
1/1/2011 |
Unauthorized Access/Disclosure |
Paper |
|
1/1/2011 |
|
|
Mills-Peninsula Health Services |
CA |
|
1,438 |
1438 |
11/1/2009 |
Unauthorized Access/Disclosure |
Paper |
|
11/1/2009 |
|
|
Brigham and Women's Hospital and Faulkner Hospital |
MA |
|
638 |
638 |
6/21/2011 |
Loss |
Other Portable Electronic Device |
|
6/21/2011 |
|
|
Treatment Services Northwest |
OR |
|
1,200 |
1200 |
7/29/2011 |
Theft |
Computer |
|
7/29/2011 |
|
|
Washington State Department of Social and Health Services |
WA |
|
3,950 |
3950 |
7/1/2011 |
Unauthorized Access/Disclosure |
Paper |
|
7/1/2011 |
|
|
Gail Gillespie and Associates, LLC |
TX |
|
2,334 |
2334 |
6/25/2011 |
Theft |
Laptop, Computer, Network Server |
|
6/25/2011 |
|
|
Clara Maass Medical Center |
NJ |
Med Assets |
8,795 |
8795 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Community Medical Center |
NJ |
Med Assets |
6,950 |
6950 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Kimball Medical Center |
NJ |
Med Assets |
6,785 |
6785 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Monmouth Medical Center |
NJ |
Med Assets |
6,443 |
6443 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Newark Beth Israel Medical Center |
NJ |
Med Assets |
15,015 |
15015 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Saint Barnabas Medical Center |
NJ |
Med Assets |
6,179 |
6179 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Capron Rescue Squad District |
IL |
|
815 |
815 |
2/5/2011 |
Unauthorized Access/Disclosure |
Laptop |
|
2/5/2011 |
|
|
Health Care Service Corporation |
IL |
|
501 |
501 |
6/28/2011 |
Theft |
Paper |
|
6/28/2011 |
|
|
Ashley Industrial Molding, Inc. Employee Welfare Benefit Plan |
IN |
AssureCare Risk Management, Inc. |
506 |
506 |
8/9/2011 |
Hacking/IT Incident |
Network Server |
|
8/9/2011 |
|
|
Indiana University |
IN |
|
3,266 |
3266 |
8/16/2011 |
Theft |
Laptop |
|
8/16/2011 |
|
|
Cook County Health & Hospitals System |
IL |
Med Assets |
32,008 |
32008 |
6/24/2011 |
Theft |
Other Portable Electronic Device |
|
6/24/2011 |
|
|
Yanez Dental Corporation |
CA |
|
10,190 |
10190 |
5/22/2011 |
Theft |
Computer, Network Server |
|
5/22/2011 |
|
|
Stanford Hospital & Clinics |
CA |
Multi-Speciality Collection Services, LLC |
19,651 |
19651 |
9/9/2010 |
Unauthorized Access/Disclosure |
Other |
|
9/9/2010 |
|
|
NYU Hospital for Joint Diseases Inventory Management Department |
NY |
|
2,600 |
2600 |
6/23/2011 |
Improper Disposal |
Paper |
|
6/23/2011 |
|
|
VA Gulf Coast Veterans Health Care System |
MS |
|
1,797 |
1797 |
7/21/2011 |
Unauthorized Access/Disclosure |
Paper |
|
7/21/2011 |
|
|
Diversified Resources, Inc. |
GA |
|
863 |
863 |
8/11/2011 |
Theft |
Laptop |
|
8/11/2011 |
|
|
Health Research Institute, Inc., Pfeiffer Treatment Center |
IL |
|
2,000 |
2000 |
7/1/2011 |
Theft |
Computer, Network Server |
|
7/1/2011 |
|
|
University of Wisconsin Oshkosh |
WI |
Living Healthy Community Clinic |
3,000 |
3000 |
7/18/2011 |
Hacking/IT Incident |
Computer, |
|
7/18/2011 |
|
|
North Memorial |
MN |
Accretive Health, Inc |
2,800 |
2800 |
7/25/2011 |
Theft |
Laptop |
|
7/25/2011 |
|
|
Fairview Health Services |
MN |
Accretive Health, Inc |
14,000 |
14000 |
7/25/2011 |
Theft |
Laptop |
|
7/25/2011 |
|
|
VA Illiana Health Care System |
IL |
|
518 |
518 |
7/14/2011 |
Loss |
Paper |
|
7/14/2011 |
|
|
Indiana University School of Optometry |
IN |
|
757 |
757 |
8/12/2011 |
Unauthorized Access/Disclosure |
Network Server |
|
8/12/2011 |
The security configuration of its server was changed and this resulted in a doctor's letters and reports being accessible over the Internet from 8/12 to 9/9/11. The information accessible contained the protected health information (PHI) of 757 individuals. The PHI appearing on the Internet included patient names, birth dates, medical history, diagnoses, and treatment plans. It identified and blocked the internet protocol (IP) address that was allowing access to IUSO's ePHI over the Internet, and removed the web portal that was facilitating access and restored the teacher server to its previous security configuration. Systems that allow and/or transmit ePHI are now monitored and reported to the Privacy Officer for privacy and security assurance. |
|
Jonathan Noel MD |
IN |
|
2,059 |
2059 |
7/13/2011 |
Theft |
Other Portable Electronic Device |
|
7/13/2011 |
|
|
Maryville Academy |
IL |
|
3,897 |
3897 |
1/25/2011 |
Unknown |
Other Portable Electronic Device |
|
1/25/2011 |
|
|
Freda J. Bowman MD PA |
TX |
|
1,300 |
1300 |
8/8/2011 |
Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
|
8/8/2011 |
|
|
NEA Baptist Clinic |
AR |
|
3,116 |
3116 |
7/12/2011 |
Hacking/IT Incident |
Network Server |
|
7/12/2011 |
|
|
Texas Health and Human Services Commission |
TX |
|
1,696 |
1696 |
3/10/2011 |
Theft |
Laptop |
|
3/10/2011 |
An unencrypted laptop was stolen from an employee's vehicle. The laptop contained the ePHI of 1,696 patients. The information at issue included patient names, dates of birth, gender, Medicaid identification numbers, procedure codes and diagnosis. Following discovery of the breach, the CE notified affected patients and notified the media. Following the breach, the CE confirmed encryption of laptops per CE's policy and sanctioned three involved employees. |
|
The Neurological Institute of Savannah & Center of Spine |
GA |
|
63,425 |
63425 |
7/2/2011 |
Theft |
Other Portable Electronic Device |
|
7/2/2011 |
|
|
Gypsum Management and Supply, Inc. Medical and Dental Plan |
GA |
AssureCare Risk Management, Inc. |
25,330 |
25330 |
5/9/2011 |
Unauthorized Access/Disclosure |
Network Server |
|
5/9/2011 |
|
|
Texas Health Presbyterian Hospital Flower Mound |
TX |
Texas Health Partners |
10,345 |
10345 |
6/21/2011 |
Theft |
Laptop |
|
6/21/2011 |
|
|
Muir Orthopaedic Specialists, A Medical Group Inc. |
CA |
|
1,800 |
1800 |
7/27/2011 |
Theft |
Paper |
|
7/27/2011 |
|
|
Windsor Health Plan |
TN |
RxAmerica |
1,378 |
1378 |
3/1/2011 |
Unauthorized Access/Disclosure |
Paper |
|
3/1/2011 |
|
|
Knox Community Hospital |
OH |
|
500 |
500 |
10/1/2010 |
Improper Disposal |
Other (X-ray film) |
|
10/1/2010 |
|
|
Fairview Health Services |
MN |
|
1,215 |
1215 |
2/19/2011 |
Loss |
Paper |
|
2/19/2011 |
|
|
Centro de Ortodoncia |
PR |
|
2,000 |
2000 |
5/6/2010 |
Unauthorized Access/Disclosure |
Paper |
|
5/6/2010 |
|
|
Lexington VAMC |
KY |
|
1,432 |
1432 |
5/23/2011 |
Unauthorized Access/Disclosure |
Laptop, Other Portable Electronic Device, Paper |
|
5/23/2011 |
|
|
Henry Ford Health System |
MI |
|
520 |
520 |
8/8/2011 |
Theft |
Computer |
|
8/8/2011 |
|
|
Adult & Pediatric Dermatology, PC |
MA |
|
2,200 |
2200 |
9/14/2011 |
Theft |
Other Portable Electronic Device |
|
9/14/2011 |
|
|
Mutual of Omaha Insurance Company |
NE |
Futurity First Insurance Group |
705 |
705 |
7/28/2011 |
Theft |
Other Portable Electronic Device |
|
7/28/2011 |
|
|
United of Omaha Life Insurance Company |
NE |
Futurity First Insurance Group |
1,631 |
1631 |
7/28/2011 |
Loss |
Other Portable Electronic Device |
|
7/28/2011 |
|
|
United Health Group Health Plan |
MN |
Futurity First Insurance Group |
3,994 |
3994 |
7/28/2011 |
Theft |
Other Portable Electronic Device |
|
7/28/2011 |
|
|
InStep Foot Clinic, P.A. |
MN |
|
2,600 |
2600 |
8/28/2011 |
Theft |
Laptop, Electronic Medical Record |
|
8/28/2011 |
|
|
Summit Medical Group, PLLC |
TN |
|
731 |
731 |
9/4/2011 |
Theft |
Paper |
11/4/2011 |
9/4/2011 |
|
|
American Continental Insurance Company |
TN |
Futurity First Insurance Group |
690 |
690 |
7/28/2011 |
Theft |
Other Portable Electronic Device |
11/4/2011 |
7/28/2011 |
|
|
TRICARE Management Activity (TMA) |
VA |
Science Application International Corporation (SAI) |
4,901,432 |
4901432 |
9/13/2011 |
Loss |
Other (Backup Tapes) |
11/4/2011 |
9/13/2011 |
|
|
Thomas Jefferson University Hospitals, Inc. |
PA |
|
3,150 |
3150 |
9/5/2011 |
Theft |
Other (x-ray films) |
11/4/2011 |
9/5/2011 |
|
|
The Nemours Foundation |
FL |
|
1,055,489 |
1055489 |
8/10/2011 |
Loss |
Other (Backup Tapes) |
11/4/2011 |
8/10/2011 |
|
|
Florida Hospital |
FL |
|
12,784 |
12784 |
8/10/2011 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
11/4/2011 |
8/10/2011 |
|
|
Amerigroup Community Care of New Mexico, Inc |
NM |
|
1,537 |
1537 |
7/15/2011 |
Theft |
Paper |
11/18/2011 |
7/15/2011 |
|
|
Stone Oak Urgent Care & Family Practice |
TX |
|
3,079 |
3079 |
10/23/2011 |
Theft/Loss |
Computer |
11/18/2011 |
10/23/2011 |
|
|
Concordia Plan Services (CPS) |
MO |
HITS Scanning Solutions, Inc. |
7,059 |
7059 |
3/17/2011 |
Loss |
Other |
11/18/2011 |
3/17/2011 |
|
|
Conway Regional Medical Center |
AR |
|
1,472 |
1472 |
8/24/2011 |
Loss |
Other (CDs) |
11/18/2011 |
8/24/2011 |
|
|
Morris Heights Health Center |
NY |
|
927 |
927 |
8/27/2011 |
Theft |
Laptop |
11/18/2011 |
8/27/2011 |
|
|
Premier Imaging |
NC |
|
551 |
551 |
9/14/2011 |
Unauthorized Access/Disclosure |
Paper |
11/18/2011 |
9/14/2011 |
A newly hired employee impermissibly took patient registration documents home. The records taken included the protected health information of 551 patients. The information at issue included names, addresses, birth dates, social security numbers, and driver's license numbers. As a result, the CE terminated the employee, provided notice to the affected individuals, amended registration procedures, implemented additional safeguards for such information, and offered identity theft protection to the affected individuals. |
|
UCLA Health System |
CA |
|
2,761 |
2761 |
9/7/2011 |
Theft |
Other Portable Electronic Device |
11/18/2011 |
9/7/2011 |
|
|
Julie A. Kennedy, D.M.D., P.A. |
FL |
|
2,900 |
2900 |
9/30/2011 |
Theft |
Network Server |
11/18/2011 |
9/30/2011 |
|
|
Medcenter One |
ND |
|
650 |
650 |
10/21/2011 |
Theft |
Laptop |
12/8/2011 |
10/21/2011 |
|
|
Lankenau Medical Center |
PA |
|
500 |
500 |
9/6/2011 |
Theft |
Other (X-ray film) |
12/8/2011 |
9/6/2011 |
|
|
Good Samaritan Hospital |
MD |
|
1,500 |
1500 |
9/9/2011 |
Theft |
Other (X-ray film) |
12/8/2011 |
9/9/2011 |
|
|
Sutter Medical Foundation |
CA |
|
943,434 |
943434 |
10/15/2011 |
Theft |
Computer |
12/8/2011 |
10/15/2011 |
|
|
Logan County Emergency Ambulance Service Authority |
WV |
|
12,563 |
12563 |
10/1/2011 |
Theft/Loss |
Laptop |
12/8/2011 |
10/1/2011 |
|
|
Dallas County Hospital District dba Parkland Health & Hospital System |
TX |
|
2,464 |
2464 |
9/5/2011 |
Unauthorized Access/Disclosure |
Electronic Medical Record/Paper |
12/8/2011 |
9/5/2011 |
|
|
KCI USA, Inc. |
TX |
|
567 |
567 |
9/8/2011 |
Theft |
Other Portable Electronic Device |
12/8/2011 |
9/8/2011 |
|
|
Lebanon Internal Medicine Associates |
PA |
|
55,000 |
55000 |
9/10/2011 |
Improper Disposal |
Network Server |
12/8/2011 |
9/10/2011 |
|
|
Rite Aid Corporation |
PA |
|
2,900 |
2900 |
10/7/2011 |
Other |
Paper |
1/10/2012 |
10/7/2011 |
|
|
University of Kentucky UK HealthCare |
KY |
|
878 |
878 |
9/25/2011 |
Loss |
Other Portable Electronic Device |
1/10/2012 |
9/25/2011 |
|
|
State of Tennessee Sponsored Group Health Plan |
TN |
|
1,770 |
1770 |
10/6/2011 |
Unauthorized Access/Disclosure |
Paper |
1/10/2012 |
10/6/2011 |
An equipment operator at the state's postal facility set the machine to insert four (4) pages per envelope instead of one (1) page per envelope, which caused the PHI of four individuals to be sent to one address per envelope. The error affected approximately 1770 enrollees. The letters contained information such as names, addresses, birth dates, and social security numbers. As a result, the CE retrained the employee, submitted a breach report to HHS, provided notice to the affected individuals, notified the media, created a toll-free number for information regarding the incident, posted notice on its website, modified policies to remove the SSN on templates for future mailings, and offered identity theft protection to the affected individuals. Following the OCR investigation, the CE reviewed its policies and procedures to ensure adequate safeguards are in place. |
|
Advanced Occupational Medicine Specialists |
IL |
Blue Vantage Group |
7,226 |
7226 |
10/12/2011 |
Unauthorized Access/Disclosure |
Network Server |
1/10/2012 |
10/12/2011 |
|
|
Open MRI of Chicago |
IL |
Nation Wise Machine Buyers |
2,000 |
2000 |
9/6/2011 |
Improper Disposal |
Paper |
1/10/2012 |
9/6/2011 |
|
|
Roberts S. Smith M.D. Inc. |
GA |
|
17,000 |
17000 |
10/17/2011 |
Theft |
Laptop |
1/31/2012 |
10/17/2011 |
|
|
Molina Healthcare of California |
CA |
|
11,081 |
11081 |
09/23/2009 -10/18/2011 |
Unauthorized Access/Disclosure |
Paper |
1/31/2012 |
1/31/2012 |
|
|
Aegis Sciences Corporation |
TN |
|
2,184 |
2184 |
11/22/2011 |
Theft |
Laptop, Other Portable Electronic Device |
1/31/2012 |
11/22/2011 |
|
|
Smile Designs |
FL |
|
1,670 |
1670 |
12/1/2011 |
Theft |
Computer, Network Server |
1/31/2012 |
12/1/2011 |
|
|
Foundation Medical Partners |
NH |
|
771 |
771 |
11/19/2011 - 12/01/2011 |
Unauthorized Access/Disclosure |
Paper |
1/31/2012 |
1/31/2012 |
|
|
Muskogee Regional Medical Center |
OK |
|
844 |
844 |
12/5/2011 |
Loss |
Other |
1/31/2012 |
12/5/2011 |
|
|
Concentra Health |
MO |
|
870 |
870 |
11/30/2011 |
Theft |
Laptop |
1/31/2012 |
11/30/2011 |
|
|
Kansas Department on Aging |
KS |
|
7,757 |
7757 |
1/11/2012 |
Theft |
Laptop |
2/3/2012 |
1/11/2012 |
|
|
Delta Dental |
CA |
|
11,646 |
11646 |
12/22/2011 - 12/23/2011 |
Unauthorized Access/Disclosure |
Paper |
2/3/2012 |
2/3/2012 |
|
|
PBH |
NC |
|
50,000 |
50000 |
11/15/2011 |
Unauthorized Access/Disclosure |
Network Server, Email |
2/24/2012 |
11/15/2011 |
|
|
Olendorf Medical Services |
NY |
|
549 |
549 |
1/17/2012 |
Theft |
Laptop |
2/24/2012 |
1/17/2012 |
|
|
Department of Medical Assistance Services |
VA |
ACS, Affiliated Computer Services, Inc. |
1,444 |
1444 |
11/02/2011 - 11/16/2011 |
Unauthorized Access/Disclosure |
Paper |
2/24/2012 |
2/24/2012 |
|
|
Flex Physical Therapy |
WA |
|
3,100 |
3100 |
12/30/2011 |
Theft |
Computer |
2/24/2012 |
12/30/2011 |
|
|
University of Miami |
FL |
|
1,219 |
1219 |
11/24/2011 |
Theft |
Other Portable Electronic Device |
2/24/2012 |
11/24/2011 |
|
|
Triumph LLC |
NC |
|
2,000 |
2000 |
12/13/2011 |
Theft |
Laptop |
2/24/2012 |
12/13/2011 |
|
|
Metro Community Provider Network |
CO |
|
3,200 |
3200 |
12/5/2011 |
Hacking/IT Incident |
Email |
3/19/2012 |
12/5/2011 |
|
|
Lakeview Medical Center |
WI |
|
698 |
698 |
1/4/2012 |
Theft |
Laptop |
3/19/2012 |
1/4/2012 |
|
|
Goshen Health System, Inc. |
IN |
|
660 |
660 |
12/22/2011 |
Hacking/IT Incident |
Other |
3/19/2012 |
12/22/2011 |
|
|
Loma Linda University Medical Center (LLUMC) |
CA |
|
1,366 |
1366 |
12/19/2011 |
Unauthorized Access/Disclosure |
Paper |
3/19/2012 |
12/19/2011 |
|
|
Medco Health Solutions, Inc. |
NJ |
|
1,287 |
1287 |
11/30/2011 |
Unauthorized Access/Disclosure |
Paper |
3/19/2012 |
11/30/2011 |
|
|
Indiana Internal Medicine Consultants |
IN |
|
20,000 |
20000 |
2/11/2012 |
Theft |
Laptop |
3/19/2012 |
2/11/2012 |
|
|
CardioNet, Inc |
PA |
|
1,300 |
1300 |
11/10/2011 |
Theft |
Laptop |
3/19/2012 |
11/10/2011 |
|
|
Georgetown University Hospital |
DC |
|
1,549 |
1549 |
11/1/2011 |
Unauthorized Access/Disclosure |
Paper |
3/19/2012 |
11/1/2011 |
|
|
CardioNet, Inc |
PA |
|
728 |
728 |
12/29/2011 |
Theft |
Laptop |
3/19/2012 |
12/29/2011 |
|
|
Applegate Valley Family Medicine |
OR |
Dr. Trandinh |
2,300 |
2300 |
12/01/2011 - 12/17/2011 |
Theft |
Laptop |
4/17/2012 |
12/01/2011 - 12/17/2011 |
|
|
Anchorage Community Mental Health Services Inc. |
AK |
|
2,743 |
2743 |
12/20/2011 - 01/04/2012 |
Unauthorized Access/Disclosure |
Computer |
4/17/2012 |
12/20/2011 - 01/04/2012 |
|
|
Alliant Health Plans, Inc. |
GA |
Catalyst Health Solutions, Inc. |
632 |
632 |
1/1/2012 |
Unauthorized Access/Disclosure |
Other |
4/17/2012 |
1/1/2012 |
|
|
Kern Medical Center |
CA |
|
1,431 |
1431 |
2/25/2012 |
Theft |
Paper |
4/17/2012 |
2/25/2012 |
|
|
Jeremaih J. Twomey, F.A.C.P., P.A. |
TX |
|
2,559 |
2559 |
12/31/2011 |
Theft |
Other |
4/17/2012 |
12/31/2011 |
|
|
Robley Rex VA Medical Center |
KY |
|
1,182 |
1182 |
1/9/2012 |
Theft/Loss |
Paper |
4/17/2012 |
1/9/2012 |
|
|
Baylor Heart and Vascular Center, LLP |
TX |
|
1,972 |
1972 |
1/26/2012 |
Theft |
Other Portable Electronic Device |
4/17/2012 |
1/26/2012 |
|
|
First Medical Center |
PR |
Quantum Health Consulting |
7,706 |
7706 |
1/11/2012 |
Theft |
Laptop |
4/17/2012 |
1/11/2012 |
|
|
Tufts Associated Health Maintenance Organization, Inc. and Tufts Insurance Company |
MA |
Caremark PCS Health, L.L.C. |
3,482 |
3482 |
1/17/2012 |
Other |
Paper |
4/17/2012 |
1/17/2012 |
|
|
William F. DeLuca Jr., M.D. |
NY |
|
577 |
577 |
1/16/2012 |
Theft |
Laptop |
4/17/2012 |
1/16/2012 |
|
|
Advanced Clinical Research Institute |
CA |
|
875 |
875 |
1/26/2012 |
Theft |
Paper |
4/17/2012 |
1/26/2012 |
|
|
St. Joseph's Medical Center |
CA |
|
712 |
712 |
2/2/2012 |
Theft |
Paper |
4/17/2012 |
2/2/2012 |
|
|
Georgia Health Sciences University |
GA |
|
513 |
513 |
1/18/2012 |
Theft |
Laptop |
4/17/2012 |
1/18/2012 |
|
|
Policlinica La Familia IPA 343 |
PR |
Quantum Health Consulting |
5,994 |
5994 |
1/11/2012 |
Theft |
Laptop |
5/10/2012 |
1/11/2012 |
|
|
Proveedores Aliados por tu Salud |
PR |
Quantum Health Consulting |
4,645 |
4645 |
1/11/2012 |
Theft |
Laptop |
5/10/2012 |
1/11/2012 |
|
|
Access Medical Group |
PR |
Quantum Health Consulting |
7,606 |
7606 |
1/11/2012 |
Theft |
Laptop |
5/10/2012 |
1/11/2012 |
|
|
Servicios Medicos Integrados de Fajardo |
PR |
Quantum Health Consulting |
36,609 |
36609 |
1/11/2012 |
Theft |
Laptop |
5/10/2012 |
1/11/2012 |
|
|
Grupo Medico- IPA 341 |
PR |
Quantum Health Consulting |
7,923 |
7923 |
1/11/2012 |
Theft |
Laptop |
5/10/2012 |
1/11/2012 |
|
|
Utah Department of Health |
UT |
Utah Department of Technology |
780,000 |
780000 |
03/10/2012-04/02/2012 |
Hacking/IT Incident |
Network Server |
5/10/2012 |
5/10/2012 |
|
|
The Neighborhood Christian Clinic |
AZ |
|
9,565 |
9565 |
2/7/2012 |
Loss |
Other Portable Electronic Device |
5/10/2012 |
2/7/2012 |
|
|
Seton Health Plan |
TX |
HealthLOGIX |
555 |
555 |
3/9/2012 |
Unauthorized Access/Disclosure |
Paper |
5/10/2012 |
3/9/2012 |
|
|
University of Arkansas for Medical Sciences |
AR |
|
7121 |
7121 |
2/15/2012 |
Unauthorized Access/Disclosure |
Other |
5/10/2012 |
2/15/2012 |
|
|
Desert AIDS Project |
CA |
|
4,400 |
4400 |
4/12/2012 |
Theft |
Computer |
5/10/2012 |
4/12/2012 |
|
|
Roy E. Gondo, M.D. |
WA |
|
2,100 |
2100 |
2/21/2012 |
Theft |
Computer, Electronic Medical Record |
5/10/2012 |
2/21/2012 |
|
|
Memorial Healthcare System |
FL |
|
9,497 |
9497 |
08/01/2011 - 02/12/2012 |
Theft |
Other |
5/10/2012 |
5/10/2012 |
|
|
DRD Management, Inc. D/B/A DRD Knoxville Medical Clinic - Central |
TX |
|
1,000 |
1000 |
2/16/2012 |
Improper Disposal |
Paper |
5/10/2012 |
2/16/2012 |
|
|
Rhinebeck Health Center/Center for Progressive Medicine |
NY |
|
6,745 |
6745 |
11/15/2011-12/14/2011 |
Hacking/IT Incident |
Computer, Network Server |
5/10/2012 |
5/10/2012 |
|
|
Awklein |
CA |
|
2,000 |
2000 |
2/1/2011 |
Theft |
Other |
6/8/2012 |
2/1/2011 |
|
|
IU Medical Group |
IN |
|
1,000 |
1000 |
4/11/2012 |
Improper Disposal |
Paper |
6/8/2012 |
4/11/2012 |
|
|
Rex Smith, DPM -Rex Smith Podiatry |
OR |
|
20,915 |
20915 |
2/19/2012 |
Theft |
Computer |
6/8/2012 |
2/19/2012 |
|
|
Emory Healthcare |
GA |
|
315,000 |
315000 |
02/07/2012 - 02/20/2012 |
Unknown |
Other (Backup Disks) |
6/8/2012 |
6/8/2012 |
|
|
UnitedHealth Group |
MN |
|
19,100 |
19100 |
6/28/2011 |
Unauthorized Access/Disclosure |
Other |
6/8/2012 |
6/28/2011 |
|
|
University of Houston for UH College of Optometry |
TX |
|
7,000 |
7000 |
02/22/2012-02/23/2012 |
Unauthorized Access/Disclosure, Hacking/IT incident |
Network Server |
6/8/2012 |
6/8/2012 |
|
|
South Carolina Department of Health and Human Services |
SC |
|
228,435 |
228435 |
01/31/2012 - 04/02/2012 |
Unauthorized Access/Disclosure |
Email |
6/8/2012 |
6/8/2012 |
|
|
IntraCare North Hospital |
TX |
|
741 |
741 |
03/15/2011 - 08/18/2011 |
Theft |
Paper |
6/8/2012 |
6/8/2012 |
|
|
Stephen Haggard, DPM Podiatry |
WA |
|
1,597 |
1597 |
3/4/2012 |
Theft |
Network Server |
6/8/2012 |
3/4/2012 |
|
|
Safe Ride Services, Inc |
AZ |
|
42,000 |
42000 |
8/31/2011 -1/31/2012 |
Unauthorized Access/Disclosure, Hacking/IT incident |
Network Server |
6/8/2012 |
6/8/2012 |
|
|
SHIELDS For Families |
CA |
|
961 |
961 |
2/27/2012 |
Theft |
Network Server |
6/8/2012 |
2/27/2012 |
|
|
Iowa Department of Human Services |
IA |
|
3,000 |
3000 |
02/06/2012 - 03/14/2012 |
Improper Disposal |
Paper |
6/8/2012 |
6/8/2012 |
|
|
Hogan Services Inc. Health Care Premium Plan |
MO |
|
1,134 |
1134 |
3/30/2012 |
Unauthorized Access/Disclosure |
Email |
6/8/2012 |
3/30/2012 |
|
|
Our Lady of the Lake Regional Medical Center |
LA |
|
17,339 |
17339 |
3/16/2012 |
Theft, Loss |
Laptop |
6/8/2012 |
3/16/2012 |
|
|
Ameritas Life Insurance Corp. |
NE |
|
3,000 |
3000 |
3/21/2012 |
Theft |
Laptop |
6/8/2012 |
3/21/2012 |
|
|
St. Mary Medical Center |
CA |
|
3,900 |
3900 |
5/7/2012 |
Loss |
Other Portable Electronic Device |
6/8/2012 |
5/7/2012 |
|
|
Upper Valley Medical Center |
OH |
|
15,000 |
15000 |
10/01/2010-03/21/2012 |
Unauthorized Access/Disclosure |
Other |
7/3/2012 |
7/3/2012 |
|
|
Luz Colon, DPM Podiatry |
FL |
|
1,137 |
1137 |
3/20/2012 |
Theft, Loss |
Laptop |
7/3/2012 |
3/20/2012 |
|
|
Duke University Health System |
NC |
|
1,961 |
1961 |
04/21/2004-02/16/2012 |
Unauthorized Access/Disclosure |
Other |
7/3/2012 |
7/3/2012 |
|
|
Independence Physical Therapy |
CT |
|
925 |
925 |
8/1/2011 |
Theft |
Computer |
7/3/2012 |
8/1/2011 |
|
|
Ameritas Life Insurance Corp. |
NE |
|
3,000 |
3000 |
3/21/2012 |
Theft |
Laptop |
7/3/2012 |
3/21/2012 |
|
|
Titus Regional Medical Center |
TX |
|
500 |
500 |
3/29/2012 |
Theft |
Other |
7/3/2012 |
3/29/2012 |
|
|
Lutheran Community Services Northwest |
WA |
|
756 |
756 |
03/29/2012-03/30/2012 |
Theft |
Computer, Other Portable Electronic Device |
7/3/2012 |
7/3/2012 |
|
|
West Dermatology |
CA |
|
1,900 |
1900 |
04/21/2012 - 04/22/2012 |
Theft |
Other |
7/3/2012 |
7/3/2012 |
|
|
Physician's Automated Laboratory |
CA |
|
745 |
745 |
03/23/2012 - 03/26/2012 |
Theft |
Paper |
7/3/2012 |
7/3/2012 |
|
|
Robert Witham, MD, FACP |
OR |
|
11,136 |
11136 |
4/16/2012 |
Theft |
Computer |
7/3/2012 |
4/16/2012 |
|
|
Volunteer State Health Plan, Inc. |
TN |
|
1,102 |
1102 |
03/16/2012-04/20/2012 |
Loss |
Paper |
7/3/2012 |
7/3/2012 |
|
|
Memorial Sloan-Kettering Cancer Center |
NY |
|
568 |
568 |
08/13/2009-04/12/2012 |
Unauthorized Access/Disclosure |
Email, Other |
7/3/2012 |
7/3/2012 |
|
|
Wolf & Yun |
KY |
|
824 |
824 |
4/24/2012 |
Theft |
Laptop |
7/26/2012 |
4/24/2012 |
|
|
Bruce G. Peller, DMD, PA |
NC |
|
9,953 |
9953 |
4/22/2012 |
Unauthorized Access/Disclosure |
Computer |
7/27/2012 |
4/22/2012 |
|
|
Memorial Healthcare System |
FL |
|
102,153 |
102153 |
01/01/2011 - 07/05/2012 |
Theft |
Electronic Medical Record |
7/27/2012 |
7/27/2012 |
|
|
Hamner Square Dental |
CA |
Patterson Dental, Inc |
1,112 |
1112 |
5/12/2012 |
Unknown |
Other Portable Electronic Device |
7/27/2012 |
5/12/2012 |
|
|
River Arch Dental |
CA |
Patterson Dental, Inc |
2,533 |
2533 |
5/12/2012 |
Unknown |
Other Portable Electronic Device |
7/27/2012 |
5/12/2012 |
|
|
Pamlico Medical Equipment LLC |
NC |
|
2,917 |
2917 |
5/16/2012 |
Loss |
Other Portable Electronic Device |
7/27/2012 |
5/16/2012 |
|
|
The Surgeons of Lake County, LLC † |
IL |
|
7,067 |
7067 |
06/22/2012-06/25/2012 |
Other |
Network Server |
7/27/2012 |
7/27/2012 |
|
|
Adult & Child Care Center |
IN |
Choices, INC |
550 |
550 |
5/10/2012 |
Hacking/IT Incident |
Other |
7/27/2012 |
5/10/2012 |
|
|
The University of Texas MD Anderson Cancer Center |
TX |
|
29,201 |
29201 |
4/30/2012 |
Theft |
Laptop |
7/27/2012 |
4/30/2012 |
|
|
Sharon L. Rogers, Ph.D., ABPP |
TX |
|
585 |
585 |
6/16/2012 |
Theft |
Laptop |
7/27/2012 |
6/16/2012 |
|
|
Charlie Norwood VA Medical Center |
GA |
|
824 |
824 |
3/30/2012 |
Loss |
Other Portable Electronic Device |
7/27/2012 |
3/30/2012 |
|
|
Gessler Clinic, P.A. |
FL |
|
1,409 |
1409 |
05/03/2012-05/04/2012 |
Theft |
Paper |
7/27/2012 |
7/27/2012 |
|
|
University of Kentucky HealthCare |
KY |
|
4,490 |
4490 |
5/1/2012 |
Theft |
Laptop |
7/27/2012 |
5/1/2012 |
|
|
Beth Israel Deaconess Medical Center |
MA |
|
3,900 |
3900 |
5/22/2012 |
Theft |
Laptop |
8/1/2012 |
5/22/2012 |
|
|
Oregon Health & Science University |
OR |
|
702 |
702 |
7/4/2012 |
Theft |
Other |
8/2/2012 |
7/4/2012 |
|
|
Stanford University Medical Center |
CA |
|
2,603 |
2603 |
07/15 -07/16/12 |
Theft |
Computer |
8/13/2012 |
8/13/2012 |
|
|
Upper Valley Medical Center |
OH |
Data Image, Inc |
15000 |
15000 |
10/1/2010-03/21/2012 |
Unauthorized Access/Disclosure |
Other |
8/13/2012 |
8/13/2012 |
|
|
The Surgeons of Lake County, LLC |
IL |
|
7067 |
7067 |
6/22/2012-06/26/2012 |
Unauthorized Access/Disclosure |
Network Server |
8/13/2012 |
8/13/2012 |
|
|
Kindred Healthcare Inc d/b/a Kindred Transitional Care And Rehabilitation Sellersburg |
IN |
|
1504 |
1504 |
06/01/2012-06/04/2012 |
Theft |
Other |
8/13/2012 |
8/13/2012 |
|
|
Walgreen Co. |
IL |
|
1240 |
1240 |
7/5/2012 |
Theft |
Paper |
8/13/2012 |
7/5/2012 |
|
|
Northwestern Memorial Hospital |
IL |
|
4211 |
4211 |
6/11/2012 |
Theft |
Laptop, Other Portable Electronic Device |
8/13/2012 |
6/11/2012 |
|
|
Diversified Support Services |
IN |
Choices, Inc. |
505 |
505 |
5/10/2012 |
Hacking/IT Incident |
Other |
8/13/2012 |
5/10/2012 |
|
|
Midtown Mental Health Center |
IN |
CHOICES, Inc |
890 |
890 |
5/10/2012 |
Hacking/IT Incident |
Other |
8/13/2012 |
5/10/2012 |
|
|
NYU School of Medicine Faculty Group Practice |
NY |
|
8488 |
8488 |
5/22/2012 |
Theft |
Computer |
8/13/2012 |
5/22/2012 |
|
|
Jeffrey Paul Edelstein M.D. |
AZ |
|
4800 |
4800 |
5/28/2012 |
Theft |
Network Server |
8/13/2012 |
5/28/2012 |
|
|
Central States Southeast and Southwest Areas Health and Welfare Fund |
IL |
|
754 |
754 |
7/31/2012 |
Unauthorized Access/Disclosure, Other |
Paper |
8/27/2012 |
7/31/2012 |
|
|
Apria Healthcare, Inc. |
CA |
|
65700 |
65700 |
6/14/2012 |
Theft |
Laptop |
8/27/2012 |
6/14/2012 |
|
|
TEMPLE COMMUNITY HOSPITAL |
CA |
|
603 |
603 |
7/3/2012 |
Theft |
Computer |
8/27/2012 |
7/3/2012 |
|
|
Liberty Resources, Inc. |
PA |
|
3183 |
3183 |
8/4/2012 |
Theft |
Laptop |
8/27/2012 |
8/4/2012 |
|
|
Howard University Hospital |
DC |
|
66601 |
66601 |
1/25/2012 |
Theft |
Laptop |
8/27/2012 |
1/25/2012 |
|
|
The University of Texas MD Anderson Cancer Center |
TX |
|
2264 |
2264 |
7/13/2012 |
Loss |
Other Portable Electronic Device |
9/5/2012 |
7/13/2012 |
|
|
Tricounty Behavioral Health Clinic |
GA |
|
4000 |
4000 |
8/26/2012 |
Theft |
Laptop |
9/11/2012 |
8/26/2012 |
|
|
Charlote Clark-Neitzel, MD |
WA |
|
942 |
942 |
7/24/2012 |
Theft |
Laptop |
9/14/2012 |
7/24/2012 |
|
|
University of Miami |
FL |
|
64846 |
64846 |
7/18/2012 |
Unauthorized Access/Disclosure, Other |
Paper |
9/20/2012 |
7/18/2012 |
|
|
Lana Medical Care |
FL |
|
500 |
500 |
8/18/2012 |
Theft |
Laptop |
9/20/2012 |
8/18/2012 |
|
|
St. Therese Medical Group, Inc |
CA |
|
3031 |
3031 |
7/22/2012 |
Theft |
Computer |
10/1/2012 |
7/22/2012 |
|
|
Sierra Plastic Surgery |
NV |
|
800 |
800 |
8/19/2011 09/20/2011 |
Unauthorized Access/Disclosure, Hacking/IT incident |
Network Server |
10/1/2012 |
10/1/2012 |
|
|
Valley Plastic Surgery, P.C. |
VA |
|
4873 |
4873 |
7/15/2012 |
Theft |
Other Portable Electronic Device |
10/17/2012 |
7/15/2012 |
|
|
Colon & Digestive Health Specialists |
AR |
Ecco Health, LLC |
5713 |
5713 |
7/16/2012 |
Loss |
Other Portable Electronic Device |
10/17/2012 |
7/16/2012 |
|
|
Alexander J. Tikhtman, M.D. |
KY |
|
2376 |
2376 |
8/15/2012 |
Loss |
Other Portable Electronic Device |
11/6/2012 |
8/15/2012 |
|
|
Gulf Coast Health Care Services Inc |
FL |
|
13000 |
13000 |
8/17/2012 |
Theft, Unauthorized Access/Disclosure, Hacking/IT Incident |
Network Server |
11/6/2012 |
8/17/2012 |
|
|
Blount Memorial Hospital, Inc |
TN |
|
27799 |
27799 |
8/25/2012 |
Theft |
Laptop |
11/6/2012 |
8/25/2012 |
|
|
Women & Infants Hospital of Rhode Island |
RI |
|
14004 |
14004 |
9/13/2012 |
Loss |
Other |
11/9/2012 |
9/13/2012 |
|
|
Philip P Corneliuson, DDS, INC. |
CA |
|
980 |
980 |
9/15/2012 |
Theft |
Desktop Computer |
11/9/2012 |
9/15/2012 |
|
|
Surgical Associates of Utica, PC |
NY |
Quanterion Solutions, Inc. |
1017 |
1017 |
9/18/2012 |
Theft |
Network Server |
11/16/2012 |
9/18/2012 |
|
|
First Step Counseling, Inc. |
NJ |
|
638 |
638 |
5/1/2011-08/05/2011 |
Unauthorized Access/Disclosure |
Paper |
11/16/2012 |
11/16/2012 |
|
|
Alere Home Monitoring, Inc. |
CA |
|
116506 |
116506 |
9/23/2012 |
Theft |
Laptop |
11/16/2012 |
9/23/2012 |
|
|
CVS Caremark |
RI |
|
955 |
955 |
8/13/2012 |
Theft |
Paper |
11/16/2012 |
8/13/2012 |
|
|
Christus St. John Hospital |
TX |
|
5748 |
5748 |
9/25/2012 |
Loss |
Other Portable Electronic Device |
12/3/2012 |
9/25/2012 |
|
|
Brigham & Women's Hospital |
MA |
|
615 |
615 |
10/16/2012 |
Theft |
Desktop Computer |
12/3/2012 |
10/16/2012 |
|
|
James M. McGee, D.M.D., P.C. |
GA |
|
1306 |
1306 |
09/19/2012 09/26/2012 |
Theft |
Paper |
12/3/2012 |
09/19/2012 09/26/2012 |
|
|
Robbins Eye Center |
CT |
|
1749 |
1749 |
10/7/2012 |
Theft |
Desktop Computer |
12/3/2012 |
10/7/2012 |
|
|
Landmark Medical Center |
RI |
|
683 |
683 |
10/1/2012 |
Theft |
Laptop |
12/3/2012 |
10/1/2012 |
|
|
City of Covington Kentucky Fire Department |
KY |
|
1548 |
1548 |
06/15/2012-10/01/2012 |
Theft |
Desktop Computer |
12/18/2012 |
12/18/2012 |
|
|
Okaloosa County Public Safety |
FL |
|
715 |
715 |
06/15/2012 - 10/01/2012 |
Theft |
Desktop Computer |
12/18/2012 |
12/18/2012 |
|
|
Vidant Pungo Hospital |
NC |
|
1100 |
1100 |
10/4/2012 |
Improper Disposal |
Paper |
12/18/2012 |
10/4/2012 |
|
|
City of Gloucester, Fire Department |
MA |
|
1286 |
1286 |
06/15/2012-10/01/2012 |
Theft |
Desktop Computer |
12/18/2012 |
12/18/2012 |
|
|
City of El Centro Fire Department |
CA |
|
1500 |
1500 |
10/1/2012 |
Theft, Unauthorized Access/Disclosure |
Desktop Computer |
12/18/2012 |
10/1/2012 |
|
|
City of Overland Park Fire Department |
FL |
|
911 |
911 |
06/15/2012 - 10/01/2012 |
Theft |
Desktop Computer |
12/20/2012 |
12/20/2012 |
|
|
Osceola County EMS |
FL |
|
949 |
949 |
06/15/2012-10/01/2012 |
Theft |
Desktop Computer |
12/20/2012 |
12/20/2012 |
|
|
Coastal Behavioral Healthcare, Inc. |
FL |
|
4907 |
4907 |
4/11/2011 |
Theft |
Paper |
12/20/2012 |
4/11/2011 |
|
|
Sumner County Emergency Medical Services |
TN |
|
774 |
774 |
06/15/2012 - 10/01/2012 |
Theft |
Desktop Computer |
12/20/2012 |
12/20/2012 |
|
|
Calif. Dept. of Health Care Services (DHCS) |
CA |
|
2643 |
2643 |
12/10/2012 - 12/18/2012 |
Unauthorized Access/Disclosure |
Other |
1/17/2013 |
1/17/2013 |
|
|
University Of Michigan Health System |
MI |
Omnicell, Inc. |
3999 |
3999 |
11/14/2012 |
Theft |
Laptop |
1/17/2013 |
11/14/2012 |
|
|
Cabinet for Health & Family Services, Department of Medicaid Services |
KY |
HP Enterprise Services |
1090 |
1090 |
11/15/2012 |
Hacking/IT Incident |
Laptop |
1/17/2013 |
11/15/2012 |
|
|
Group Health Incorporated |
NY |
|
1771 |
1771 |
11/13/2012 |
Unauthorized Access/Disclosure |
Paper |
1/17/2013 |
11/13/2012 |
|
|
South Shore Medical Center |
MA |
Clearpoint Design, Inc. |
4100 |
4100 |
10/18/2012 |
Hacking/IT Incident |
Network Server |
1/17/2013 |
10/18/2012 |
|
|
St. Mark's Medical Center |
TX |
|
2988 |
2988 |
5/21/2012 |
Hacking/IT Incident |
Desktop Computer |
1/17/2013 |
5/21/2012 |
|
|
Westerville Dental Center |
OH |
|
850 |
850 |
12/2/2012 |
Theft |
Laptop, Network Server |
1/17/2013 |
12/2/2012 |
|
|
Harbor Medical Associates, P.C. |
MA |
Clearpoint Design, Inc |
4343 |
4343 |
10/18/2012 - 11/04/2012 |
Hacking/IT Incident |
Network Server |
1/17/2013 |
1/17/2013 |
|
|
OHP PHSP, Inc. |
NY |
HealthPlus, Amerigroup |
28187 |
28187 |
08/31/2012 - 09/21/2012 |
Unauthorized Access/Disclosure |
Other |
1/17/2013 |
1/17/2013 |
|
|
Child & Family Psychological Services, Inc. |
MA |
Clearpoint Design, Inc. |
7250 |
7250 |
10/18/2012-10/29/2012 |
Hacking/IT Incident |
Network Server |
1/17/2013 |
1/17/2013 |
|
|
Lee Miller Rehab Associates |
MD |
|
10480 |
10480 |
1/15/2012 |
Theft |
Network Server |
2/7/2013 |
1/15/2012 |
|
|
Atlanta Fire and Rescue Department |
GA |
|
908 |
908 |
06/15/2012-10/01/2012 |
Theft |
Desktop Computer |
2/7/2013 |
2/7/2013 |
|
|
The University of Texas MD Anderson Cancer Center |
TX |
|
29021 |
29021 |
4/30/2012 |
Theft |
Laptop |
2/7/2013 |
4/30/2012 |
|
|
American HomePatient Inc. |
TN |
LifeGas |
1103 |
1103 |
10/11/2012 |
Theft |
Laptop |
2/7/2013 |
10/11/2012 |
|
|
Riderwood Village |
MD |
|
3230 |
3230 |
11/18/2012 |
Theft |
Laptop |
2/8/2013 |
11/18/2012 |
|
|
County of San Bernardino Department of Behavioral Health |
CA |
|
683 |
683 |
1/12/2013 |
Theft |
Paper |
3/4/2013 |
1/12/2013 |
|
|
Catoctin Dental/Richard B. Love, D.D.S., P.A. |
MD |
Patterson Dental Supply/Patterson |
6400 |
6400 |
1/3/2013 |
Hacking/IT Incident |
Network Server |
3/4/2013 |
1/3/2013 |
|
|
Agency for Health Care Administration |
FL |
DentaQuest of Florida, Inc |
1892 |
1892 |
11/01/2012 - 12/20/2012 |
Unauthorized Access/Disclosure |
Paper |
3/4/2013 |
3/4/2013 |
|
|
Kindred Healthcare, Inc. d/b/a Kindred Transitional Care and Rehabilitation - Marl |
MA |
|
716 |
716 |
12/15/2012-12/17/2012 |
Theft |
Other Portable Electronic Device |
3/4/2013 |
3/4/2013 |
|
|
ABQ HealthPartners |
NM |
|
778 |
778 |
12/20/2012 |
Theft |
Laptop |
3/4/2013 |
12/20/2012 |
|
|
Arizona Oncology |
AZ |
|
501 |
501 |
11/21/2012 |
Theft |
Laptop |
3/4/2013 |
11/21/2012 |
|
|
Crescent Health Inc. - a Walgreens Company |
CA |
|
109000 |
109000 |
12/28/2012 |
Theft |
Desktop Computer |
3/4/2013 |
12/28/2012 |
|
|
Center for Pain Management, LLC |
MD |
|
5822 |
5822 |
1/22/2013 |
Theft |
Laptop |
3/4/2013 |
1/22/2013 |
|
|
Heyman HospiceCare at Floyd |
GA |
|
1819 |
1819 |
1/4/2013 |
Theft |
Laptop |
3/4/2013 |
1/4/2013 |
|
|
HomeCare of Mid-Missouri, Inc. |
MO |
|
4027 |
4027 |
12/14/2012 |
Theft |
Laptop |
3/4/2013 |
12/14/2012 |
|
|
Intervention Services, Inc. |
FL |
|
1200 |
1200 |
1/19/2013 |
Theft |
Laptop |
3/4/2013 |
1/19/2013 |
|
|
West Georgia Ambulance |
GA |
|
500 |
500 |
12/13/2012 |
Loss |
Laptop |
3/4/2013 |
12/13/2012 |
|
|
Multiple Health Plans |
CA |
Coast Healthcare Management |
1368 |
1368 |
12/7/2013 |
Theft, Other |
Paper |
3/4/2013 |
12/7/2013 |
|
|
HealthCare for Women, Inc. |
MA |
|
8727 |
8727 |
01/18/2013-01/23/2013 |
Hacking/IT Incident |
Network Server |
3/27/2013 |
3/27/2013 |
|
|
University of Connecticut Health Center |
CT |
|
1382 |
1382 |
06/07/2010 - 12/07/2012 |
Unauthorized Access/Disclosure |
Network Server |
3/27/2013 |
3/27/2013 |
|
|
Anthem Blue Cross Blue Shield (IN) |
IN |
Connextions c/o Anthem BCBS |
528 |
528 |
11/01/2011-10/01/2012 |
Theft, Unauthorized Access/Disclosure |
Network Server |
3/27/2013 |
3/27/2013 |
|
|
Anthem Blue Cross Blue Shield (OH) |
IN |
Connextions c/o Anthem BCBS |
1678 |
1678 |
11/01/2011-10/01/2012 |
Theft, Unauthorized Access/Disclosure |
Network Server |
3/27/2013 |
3/27/2013 |
|
|
Empire Blue Cross Blue Shield |
IN |
Connextions c/o Empire BCBS |
2608 |
2608 |
11/01/2011-10/01/2012 |
Theft, Unauthorized Access/Disclosure |
Network Server |
3/27/2013 |
3/27/2013 |
|
|
The Brookdale University Hospital and Medical Center |
NY |
Health Plus Amerigroup |
28187 |
28187 |
9/21/2012 |
Unauthorized Access/Disclosure |
Other Portable Electronic Device |
3/27/2013 |
9/21/2012 |
|
|
The Brookdale University Hospital and Medical Center |
NY |
Standard Register |
2261 |
2261 |
8/11/2012 |
Unauthorized Access/Disclosure |
Paper |
3/27/2013 |
8/11/2012 |
|
|
United Home Care Services of Southwest Florida, LLC |
FL |
United HomeCare Services, Inc. |
1318 |
1318 |
1/8/2013 |
Theft |
Laptop |
3/27/2013 |
1/8/2013 |
|
|
United HomeCare Services, Inc. |
FL |
|
12299 |
12299 |
1/8/2013 |
Theft |
Laptop |
3/27/2013 |
1/8/2013 |
|
|
WOMENS HEALTH ENTERPRISE, INC., dba FAMILY HEALTH ENTERPRISE |
GA |
|
3000 |
3000 |
1/2/2013 |
Theft |
Laptop |
3/27/2013 |
1/2/2013 |
|
|
South Miami Hospital |
FL |
|
834 |
834 |
6/1/2011 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
3/27/2013 |
6/1/2011 |
|
|
Riderwood Village |
MD |
|
5270 |
5270 |
11/18/2012 |
Theft |
Laptop |
3/27/2013 |
11/18/2012 |
|
|
Utah Department of Health |
UT |
Goold Health System (Goold) |
6332 |
6332 |
01/10/2013-01/11/2013 |
Loss |
Other Portable Electronic Device |
3/27/2013 |
3/27/2013 |
|
|
Lancaster General Medical Group |
PA |
|
527 |
527 |
2/5/2013 |
Theft |
Paper |
3/27/2013 |
2/5/2013 |
|
|
State of California, Dept. of Developmental Services |
CA |
North Los Angeles County, Regional Center |
18162 |
18162 |
11/10/2012 |
Theft |
Laptop |
3/27/2013 |
11/10/2012 |
|
|
John J. Pershing VA Medical Center |
MO |
|
589 |
589 |
2/20/2013 |
Other |
Paper |
4/23/2013 |
2/20/2013 |
|
|
Oregon Health & Science University |
OR |
|
1076 |
1076 |
2/22/2013 |
Theft |
Laptop |
4/23/2013 |
2/22/2013 |
|
|
WA Department of Social and Health Services |
WA |
Sunil Kakar, Psy.D. |
629 |
629 |
2/4/2013 |
Theft |
Laptop |
4/23/2013 |
2/4/2013 |
|
|
Shands Jacksonville Medical Center, Inc. |
FL |
|
1,025 |
1025 |
05/02/2012-06/22/2012 |
Theft, Unauthorized Access/Disclosure |
Electronic Medical Record |
4/23/2013 |
4/23/2013 |
|
|
University of Florida |
FL |
|
14519 |
14519 |
03/01/2009- 10/25/2012 |
Theft, Unauthorized Access/Disclosure |
Desktop Computer, Electronic Medical Record |
4/23/2013 |
4/23/2013 |
|
|
Hospice and Palliative Care Center of Alamance Caswell |
NC |
|
5371 |
5371 |
2/24/2013 |
Theft, Unauthorized Access/Disclosure |
Laptop, Paper |
4/23/2013 |
2/24/2013 |
|
|
Texas Health Care, P.L.L.C. |
TX |
|
554 |
554 |
3/10/2013 |
Theft |
Paper |
4/23/2013 |
3/10/2013 |
|
|
Texas Tech University Health Sciences Center |
TX |
|
697 |
697 |
2/18/2013 |
Unauthorized Access/Disclosure |
Paper |
4/23/2013 |
2/18/2013 |
|
|
Oregon Health & Science University |
OR |
|
1114 |
1114 |
2/22/2013 |
Theft |
Laptop |
4/23/2013 |
2/22/2013 |
|
|
Lake Granbury Medical Center |
TX |
|
502 |
502 |
2/13/2012 |
Theft |
Paper |
4/23/2013 |
2/13/2012 |
|
|
Carpenters Health & Welfare Trust Fund for California |
CA |
QuickRunner, Inc. (dba,RoadRunner Mailing Services |
2400 |
2400 |
03/11/2013-03/12/2013 |
Unauthorized Access/Disclosure |
Paper |
4/23/2013 |
4/23/2013 |
|
|
Mount Sinai Medical Center |
FL |
|
628 |
628 |
10/1/2012- 02/18/2013 |
Theft |
Desktop Computer, Paper |
4/23/2013 |
4/23/2013 |
|
|
University of Mississippi Medical Center |
MS |
|
10,000 |
10000 |
11/01/2012-01/19/2013 |
Loss |
Laptop |
4/23/2013 |
4/23/2013 |
|
|
Thomas L. Davis, Jr. DDS |
OR |
|
3269 |
3269 |
2/12/2013 |
Theft |
Desktop Computer, Electronic Medical Record |
4/23/2013 |
2/12/2013 |
|
|
Mid America Health, Inc |
IN |
PrevMED |
1444 |
1444 |
4/6/2012 |
Theft |
Laptop |
4/23/2013 |
4/6/2012 |
|
|
GLENS FALLS HOSPITAL |
NY |
PORTAL HEALTHCARE SOLUTIONS LLC |
2360 |
2360 |
11/02/2012 - 03/14/2013 |
Unauthorized Access/Disclosure, Hacking/IT incident |
Network Server |
4/23/2013 |
4/23/2013 |
|
|
Hope Hospice |
TX |
|
818 |
818 |
12/27/2012 - 02/22/2013 |
Other |
E-mail |
5/17/2013 |
5/17/2013 |
|
|
IHC Health Services, Inc. dba Intermountain Life Flight |
UT |
|
857 |
857 |
10/12/2009 |
Unauthorized Access/Disclosure |
Other |
5/17/2013 |
10/12/2009 |
|
|
Seattle - King County Department of Public Health |
WA |
|
750 |
750 |
3/7/2013 |
Improper Disposal |
Paper |
5/17/2013 |
3/7/2013 |
|
|
El Centro Regional Medical Center |
CA |
Digital Archive Management |
189489 |
189489 |
11/7/2012 |
Improper Disposal |
Paper |
5/17/2013 |
11/7/2012 |
|
|
Orthopedics & Adult Reconstructive Surgery |
TX |
AssuranceMD f/k/a Harbor Group |
22000 |
22000 |
03/01/2013 - 03/13/2013 |
Loss |
Other Portable Electronic Device |
5/17/2013 |
5/17/2013 |
|
|
Delta Dental of Pennsylvania |
PA |
ZDI |
14829 |
14829 |
3/20/2013 |
Loss |
Paper |
5/17/2013 |
3/20/2013 |
|
|
Lutheran Social Services of South Central PA |
PA |
|
7325 |
7325 |
06/01/2012 - 03/07/2013 |
Hacking/IT Incident |
Network Server |
5/17/2013 |
5/17/2013 |
|
|
Valley Mental Health |
UT |
|
700 |
700 |
2/27/2013 |
Theft |
Desktop Computer |
5/17/2013 |
2/27/2013 |
|
|
Wood County Hospital |
OH |
|
2500 |
2500 |
3/19/2013 |
Theft |
Other |
5/17/2013 |
3/19/2013 |
|
|
The Guidance Center of Westchester |
NY |
|
1416 |
1416 |
2/21/2013 |
Theft |
Desktop Computer |
5/17/2013 |
2/21/2013 |
|
|
Stronghold Counseling Services Inc |
SD |
|
8500 |
8500 |
12/24/2012 |
Theft |
Desktop Computer |
5/17/2013 |
12/24/2012 |
|
|
Arizona Counseling & Treatment Services, LLC |
AZ |
|
3800 |
3800 |
03/18/2013-03/25/2013 |
Theft |
Other Portable Electronic Device |
5/17/2013 |
5/17/2013 |
|
|
Indiana University Health Arnett |
IN |
|
10350 |
10350 |
4/9/2013 |
Theft |
Laptop |
5/17/2013 |
4/9/2013 |
|
|
Sovereign Medical Group, LLC |
NJ |
|
27,800 |
27800 |
10/10/2012 |
Theft, Hacking/IT Incident |
Network Server |
5/20/2013 |
10/10/2012 |
|
|
South Jersey Hospital Inc. |
NJ |
Omnicell Inc. |
8555 |
8555 |
11/14/2012 |
Theft |
Laptop |
5/20/2013 |
11/14/2012 |
|
|
Hawaii State Department of Health, Adult Mental Health Division |
HI |
|
674 |
674 |
9/25/2012 |
Hacking/IT Incident |
Desktop Computer |
5/20/2013 |
9/25/2012 |
|
|
L.A. Care Health Plan |
CA |
|
18000 |
18000 |
09/17/2012-09/20/2012 |
Other |
Other |
5/21/2013 |
5/21/2013 |
|
|
Calvin Schuster, MD |
CA |
|
532 |
532 |
11/4/2012 |
Theft |
Desktop Computer |
5/21/2013 |
11/4/2012 |
|
|
SilverScript Insurance Company |
AZ |
|
|
0 |
10/31/2012 |
Unauthorized Access/Disclosure |
Paper |
5/21/2013 |
10/31/2012 |
Individuals affected 852 |
|
Raleigh Orthopaedic Clinic |
NC |
|
17300 |
17300 |
1/15/2013 |
Theft, Improper Disposal, Unauthorized Access/Disclosure |
Paper |
5/21/2013 |
1/15/2013 |
|
|
Independence Care System |
NY |
|
2434 |
2434 |
5/7/2013 |
Theft |
Laptop |
6/5/2013 |
5/7/2013 |
|
|
Health Resources of Arkansas |
AR |
|
1900 |
1900 |
4/14/2013 |
Theft, Unauthorized Access/Disclosure |
Other |
6/5/2013 |
4/14/2013 |
|
|
University of Florida |
FL |
|
5875 |
5875 |
02/01/2012- 04/11/2013 |
Theft, Unauthorized Access/Disclosure |
Electronic Medical Record |
6/5/2013 |
6/5/2013 |
|
|
University of Rochester Medical Center & Affiliates |
NY |
|
537 |
537 |
2/15/2013 |
Loss |
Other Portable Electronic Device |
6/5/2013 |
2/15/2013 |
|
|
Presbyterian Anesthesia Associates PA |
NC |
E-dreamz, Inc. |
9988 |
9988 |
4/1/2013 |
Hacking/IT Incident |
Network Server |
6/5/2013 |
4/1/2013 |
|
|
Comfort Dental Marion and Kokomo |
IN |
Just the Connection Inc |
5388 |
5388 |
03/14/2013-03/18/2013 |
Improper Disposal |
Other |
6/5/2013 |
6/5/2013 |
|
|
Regional Medical Center |
TN |
|
1180 |
1180 |
2/4/2013 |
Unauthorized Access/Disclosure |
E-mail |
6/7/2013 |
2/4/2013 |
|
|
Piedmont HealthCare, P.A. |
NC |
E-dreamz, Inc. |
1924 |
1924 |
3/28/2013 |
Hacking/IT Incident |
Network Server |
6/7/2013 |
3/28/2013 |
|
|
Integrity Oncology, an office of Baptist Medical Group |
TN |
North Atlantic Telecom, Inc. |
539 |
539 |
3/5/2013 |
Other |
Desktop Computer |
6/7/2013 |
3/5/2013 |
|
|
City of Norwood |
OH |
|
500 |
500 |
04/14/2013 - 04/19/2013 |
Loss |
Laptop |
6/7/2013 |
6/7/2013 |
|
|
Sonoma Valley Hospital |
CA |
|
1386 |
1386 |
2/14/2013 |
Other |
Other |
6/7/2013 |
2/14/2013 |
|
|
Dent Neurologic Group, LLP |
NY |
|
10202 |
10202 |
5/13/2013 |
Other |
E-mail |
6/7/2013 |
5/13/2013 |
|
|
Fayetteville VAMC |
NC |
|
1093 |
1093 |
4/17/2013 |
Improper Disposal |
Paper |
7/1/2013 |
4/17/2013 |
|
|
UMASS Amherst |
MA |
|
1670 |
1670 |
10/22/2012 |
Hacking/IT Incident |
Desktop Computer |
6/21/2013 |
10/22/2012 |
|
|
Various Health Plans |
AL |
SynerMed / Inland Valleys IPA |
3164 |
3164 |
04/14/2013-04/15/2013 |
Theft |
Laptop |
7/1/2013 |
7/1/2013 |
|
|
Lincoln County Health and Human Services/Lincoln Community Health Center |
OR |
|
959 |
959 |
4/17/2013 |
Unauthorized Access/Disclosure |
Paper |
7/1/2013 |
4/17/2013 |
|
|
Lucile Packard Children's Hospital |
CA |
|
12900 |
12900 |
5/8/2013 |
Theft |
Laptop |
7/1/2013 |
5/8/2013 |
|
|
Union Security Insurance Company |
MO |
|
1127 |
1127 |
5/17/2013 |
Improper Disposal |
E-mail |
7/1/2013 |
5/17/2013 |
|
|
Palm Beach County Health Department |
FL |
|
877 |
877 |
1/7/2013 |
Unauthorized Access/Disclosure |
Desktop Computer |
7/1/2013 |
1/7/2013 |
|
|
Gulf Breeze Family Eyecare, Inc. |
FL |
|
9,626 |
9626 |
03/08/2013-05/09/2013 |
Theft, Unauthorized Access/Disclosure |
Electronic Medical Record, Network Server, E-mail, Electronic Medical Record, Paper |
7/1/2013 |
7/1/2013 |
|
|
Texas Health Harris Methodist Hospital Fort Worth |
TX |
Shred-it International Inc. |
277014 |
277014 |
5/11/2013 |
Improper Disposal |
Other |
7/26/2013 |
5/11/2013 |
|
|
Sheet Metal Local 36 Welfare Fund |
MO |
People Resource Corporation |
4560 |
4560 |
08/01/2012-07/08/2013 |
Unauthorized Access/Disclosure |
Other |
7/26/2013 |
7/26/2013 |
|
|
San Jose Medical Supply Co., Inc. |
CA |
Jesle Kuizon |
800 |
800 |
10/01/2011-11/31/2011 |
Theft, Unauthorized Access/Disclosure, Hacking/IT Incident |
Desktop Computer, network server |
7/26/2013 |
7/26/2013 |
|
|
Harris County |
TX |
|
21000 |
21000 |
08/15/2005 - 06/14/2007 |
Unauthorized Access/Disclosure |
Desktop Computer |
7/26/2013 |
7/26/2013 |
|
|
South Florida Neurology Associates, P.A. |
FL |
|
900 |
900 |
05/25/2013-05/30/2013 |
Theft |
Laptop |
7/26/2013 |
7/26/2013 |
|
|
MED-EL Corporation |
NC |
|
609 |
609 |
6/25/2013 |
Other |
E-mail |
7/26/2013 |
6/25/2013 |
|
|
Sutter Health East Bay Region, Alta Bates Summit Medical ctr, Sutter Delta Medical Center; Eden Medical Center |
CA |
Nelson Family of Companies |
4479 |
4479 |
3/1/2011 |
Unauthorized Access/Disclosure |
E-mail |
7/26/2013 |
3/1/2011 |
|
|
Illinois Department of Healthcare and Family Services |
IL |
Family Health Network |
3133 |
3133 |
5/8/2013 |
Other |
Paper |
7/26/2013 |
5/8/2013 |
|
|
Medtronic, Inc |
MN |
|
2764 |
2764 |
03/28/2013-03/29/2013 |
Loss |
Paper |
7/26/2013 |
7/26/2013 |
|
|
Long Beach Memorial Medical Center |
CA |
|
2864 |
2864 |
09/01/2012-07/01/2013 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
7/26/2013 |
7/26/2013 |
|
|
Delta Dental of Pennsylvania |
PA |
ZDI |
4718 |
4718 |
5/13/2013 |
Loss |
Paper |
7/26/2013 |
5/13/2013 |
|
|
Northrop Grumman Retiree Health Plan |
VA |
CVS Caremark |
4305 |
4305 |
5/20/2013 |
Other |
Paper |
7/26/2013 |
5/20/2013 |
|
|
Health Net, Inc. |
CA |
|
8331 |
8331 |
04/01/2013 - 05/31/2013 |
Other |
Paper |
7/26/2013 |
7/26/2013 |
|
|
Aflac |
GA |
Alberto Gerardo Vazquez Rivera |
679 |
679 |
5/9/2013 |
Theft |
Laptop |
7/26/2013 |
5/9/2013 |
|
|
James A. Fosnaugh |
NE |
|
2125 |
2125 |
05/01/2013 - 05/03/2013 |
Loss |
Other Portable Electronic Device |
7/26/2013 |
7/26/2013 |
|
|
Lone Star Circle of Care |
TX |
|
1955 |
1955 |
05/01/2013-05/02/2013 |
Theft |
Laptop |
7/26/2013 |
7/26/2013 |
|
|
Jacksonville Spine Center |
FL |
|
5200 |
5200 |
4/25/2013 |
Unauthorized Access/Disclosure |
Paper |
7/26/2013 |
4/25/2013 |
|
|
Samaritan Regional Health System |
OH |
|
2203 |
2203 |
5/29/2013 |
Other |
Paper |
7/26/2013 |
5/29/2013 |
|
|
Iowa Department of Human Services |
IA |
|
7335 |
7335 |
4/30/2013 |
Loss, Unknown |
Other |
7/26/2013 |
4/30/2013 |
|
|
Louisiana State University Health Care Services Division |
LA |
|
6994 |
6994 |
12/1/2011 |
Unauthorized Access/Disclosure |
Desktop Computer |
8/9/2013 |
12/1/2011 |
|
|
Vitreo-Retinal Medical Group, Inc |
CA |
|
1837 |
1837 |
6/5/2013 |
Theft |
Laptop |
8/9/2013 |
6/5/2013 |
|
|
GEO Care, LLC |
FL |
|
710 |
710 |
4/16/2013 |
Unauthorized Access/Disclosure |
Desktop Computer |
8/9/2013 |
4/16/2013 |
|
|
The Brookdale Hospital and Medical Center |
NY |
|
2700 |
2700 |
5/24/2013 |
Loss |
Other Portable Electronic Device |
8/9/2013 |
5/24/2013 |
|
|
California Correctional Health Care Services |
CA |
|
1001 |
1001 |
6/19/2013 |
Unknown |
Other |
8/9/2013 |
6/19/2013 |
|
|
Indiana Family & Social Services Administration |
IN |
|
187533 |
187533 |
04/06/2013-05/21/2013 |
Other |
Paper |
8/26/2013 |
8/26/2013 |
|
|
Missouri Department of Social Services |
MO |
InfoCrossing, Inc. |
1357 |
1357 |
10/16/2011 - 06/07/2013 |
Unauthorized Access/Disclosure |
Paper |
8/26/2013 |
8/26/2013 |
|
|
Rocky Mountain Spine Clinic, P.C. |
CO |
|
532 |
532 |
6/11/2013 |
Theft, Unauthorized Access/Disclosure |
Network Server |
8/26/2013 |
6/11/2013 |
|
|
Cogent Healthcare, Inc. |
TN |
M2ComSys Inc. |
32151 |
32151 |
05/05/2013-06/24/2013 |
Unauthorized Access/Disclosure |
Network Server |
8/26/2013 |
8/26/2013 |
|
|
Foundations Recovery Network |
TN |
|
5690 |
5690 |
6/15/2013 |
Theft |
Laptop |
8/26/2013 |
6/15/2013 |
|
|
Janna Benkelman LPC LLC |
CO |
|
1500 |
1500 |
8/1/2013 |
Theft |
Laptop |
8/26/2013 |
8/1/2013 |
|
|
Young Family Medicine Inc. |
OH |
|
2045 |
2045 |
6/12/2013 |
Theft |
Laptop |
8/26/2013 |
6/12/2013 |
|
|
Hancock OB/GYN |
IN |
|
1396 |
1396 |
11/09/2011 - 06/17/2013 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
8/26/2013 |
8/26/2013 |
|
|
The Brookdale Hospital and Medical Center |
NY |
|
2700 |
2700 |
5/24/2013 |
Loss |
Other Portable Electronic Device |
8/27/2013 |
5/24/2013 |
|
|
Kaiser Foundation Health Plan of the Northwest |
OR |
|
647 |
647 |
3/15/2013 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
9/11/2013 |
3/15/2013 |
|
|
UT Physicians |
TX |
|
596 |
596 |
07/22/2013-08/02/2013 |
Theft, Loss |
Laptop |
9/11/2013 |
9/11/2013 |
|
|
Olson & White Orthodontics |
MO |
|
10000 |
10000 |
7/22/2013 |
Theft |
Desktop Computer, Network Server |
9/11/2013 |
7/22/2013 |
|
|
Summit Community Care Clinic |
CO |
|
921 |
921 |
7/22/2013 |
Hacking/IT Incident |
Desktop Computer |
9/11/2013 |
7/22/2013 |
|
|
Parkview Community Hospital Medical Center |
CA |
Cogent Healthcare, Inc. |
32000 |
32000 |
05/05/2013 - 06/24/2013 |
Other |
Network Server |
9/11/2013 |
9/11/2013 |
|
|
Jackson Health System |
FL |
|
1471 |
1471 |
01/08/2013 - 01/10/2013 |
Other |
Paper |
9/11/2013 |
9/11/2013 |
|
|
St. Anthony's Physician Organization |
MO |
|
2600 |
2600 |
7/29/2013 |
Theft |
Laptop, Other Portable Electronic Device |
9/11/2013 |
7/29/2013 |
|
|
Minne-Tohe Health Center/Elbowoods Memorial Health Center |
ND |
|
10000 |
10000 |
10/1/2011 |
Improper Disposal, Unauthorized Access/Disclosure |
Desktop Computer, Other |
9/11/2013 |
10/1/2011 |
|
|
Logan Community Resources, Incorporated (Logan) |
IN |
|
2900 |
2900 |
8/24/2012 |
Hacking/IT Incident |
Network Server |
9/11/2013 |
8/24/2012 |
|
|
St. Francis Health Network, aka Franciscan Alliance ACO |
IN |
Advantage Health Solutions, Inc. |
2575 |
2575 |
10/19/2012 |
Other |
Other |
9/11/2013 |
10/19/2012 |
|
|
Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group |
IL |
|
4029530 |
4029530 |
7/15/2013 |
Theft |
Desktop Computer |
9/11/2013 |
7/15/2013 |
|
|
Wm. Jennings Bryan Dorn VAMC |
SC |
|
7405 |
7405 |
2/11/2013 |
Loss |
Laptop |
9/26/2013 |
2/11/2013 |
|
|
Dermatology Associates of Tallahassee |
FL |
|
915 |
915 |
00/00/0000 |
Unknown |
Other |
9/26/2013 |
00/00/0000 |
|
|
Boy Scouts of America Employee Benefit Plan |
TX |
RR Donnelley (a sub-BA for UnitedHealth Group) |
8911 |
8911 |
09/15/2012-11/30/2012 |
Theft |
Desktop Computer |
9/26/2013 |
9/26/2013 |
|
|
CCS Medical, Inc. |
TX |
|
6601 |
6601 |
05/01/2012 - 09/21/2012 |
Unauthorized Access/Disclosure |
Network Server, Other |
9/26/2013 |
9/26/2013 |
|
|
Atlanta Center for Reproductive Medicine |
GA |
|
654 |
654 |
7/12/2013 |
Other |
E-mail |
9/26/2013 |
7/12/2013 |
|
|
ACO of Puerto Rico |
PR |
PHMHS |
5000 |
5000 |
03/05/2013 - 07/16/2013 |
Unauthorized Access/Disclosure |
Network Server |
9/26/2013 |
9/26/2013 |
|
|
Dreyer Medical Clinic |
IL |
Blackhawk Consulting Group |
998 |
998 |
06/30/2013 - 08/15/2013 |
Hacking/IT Incident |
Network Server |
9/26/2013 |
9/26/2013 |
0 |
|
South Shore Physicians, PC |
NY |
|
8000 |
8000 |
01/01/2006 - 01/12/2012 |
Theft |
Network Server |
9/26/2013 |
9/26/2013 |
|
|
Good Samaritan Hospital |
CA |
|
3833 |
3833 |
7/8/2013 |
Theft |
Laptop |
10/29/2013 |
7/8/2013 |
|
|
Saint Louis University |
MO |
|
3100 |
3100 |
7/25/2013 |
Unauthorized Access/Disclosure |
E-mail |
10/29/2013 |
7/25/2013 |
|
|
AHMC Healthcare Inc. and affiliated Hospitals |
CA |
|
729000 |
729000 |
10/12/2013 |
Theft |
Theft |
10/29/2013 |
10/12/2013 |
|
|
Texas Health Presbyterian Dallas Hospital |
TX |
|
949 |
949 |
8/22/2013 |
Theft |
Desktop Computer |
10/29/2013 |
8/22/2013 |
|
|
ICS Collection Service, Inc. on behalf of University of Chicago Physicians Group |
IL |
|
1290 |
1290 |
7/9/2013 |
Hacking/IT Incident |
Other |
10/29/2013 |
7/9/2013 |
|
|
Ferris State University - MI College of Optometry |
MI |
|
3947 |
3947 |
12/1/2011 |
Hacking/IT Incident |
Network Server |
10/29/2013 |
12/1/2011 |
|
|
Comprehensive Podiatry LLC |
OH |
|
1360 |
1360 |
8/3/2013 |
Theft |
Laptop |
10/29/2013 |
8/3/2013 |
|
|
Access Counseling, LLC |
IN |
|
566 |
566 |
8/23/2013 |
Theft |
Laptop |
10/29/2013 |
8/23/2013 |
|
|
Memorial Hospital of Lafayette County |
WI |
Healthcare Management System |
4330 |
4330 |
8/3/2013 |
Unauthorized Access/Disclosure |
Paper |
10/29/2013 |
8/3/2013 |
|
|
BriovaRx |
IL |
|
1067 |
1067 |
07/03/2013 - 07/11/2013 |
Unauthorized Access/Disclosure |
E-mail |
10/29/2013 |
10/29/2013 |
|
|
SSM Health Care of Wisconsin DBA: St. Mary's Janesville Hospital |
WI |
|
631 |
631 |
8/27/2013 |
Theft |
Laptop |
10/29/2013 |
8/27/2013 |
|
|
Carol L. Patrick, Ph.D. |
OH |
|
517 |
517 |
08/08/2013-08/09/2013 |
Theft |
Network Server |
10/29/2013 |
10/29/2013 |
|
|
Seton Healthcare Family |
TX |
|
5500 |
5500 |
10/4/2013 |
Theft |
Laptop |
10/31/2013 |
10/4/2013 |
|
|
Sentara Healthcare |
VA |
|
3645 |
3645 |
10/01/2012 - 07/11/2013 |
Theft |
Electronic Medical Record, Paper |
10/31/2013 |
10/31/2013 |
|
|
Region Ten Community Services Board |
VA |
|
10228 |
10228 |
7/29/2013 |
Hacking/IT Incident |
E-mail |
10/31/2013 |
7/29/2013 |
|
|
Reconstructive Orthopaedic Associates II, P.C. d/b/a Rothman Institute |
PA |
|
2350 |
2350 |
03/18/2013-05/13/2013 |
Theft, Unauthorized Access/Disclosure |
Paper |
10/31/2013 |
10/31/2013 |
|
|
Hospice of the Chesapeake |
MD |
|
7606 |
7606 |
8/9/2013 |
Unauthorized Access/Disclosure |
E-mail |
10/31/2013 |
8/9/2013 |
|
|
Schuylkill Health System |
PA |
|
2810 |
2810 |
8/7/2013 |
Theft |
Laptop |
10/31/2013 |
8/7/2013 |
|
|
TSYS Employee Health Plan |
GA |
|
5232 |
5232 |
9/5/2013 |
Theft |
E-mail |
10/31/2013 |
9/5/2013 |
|
|
CaroMont Medical Group |
NC |
|
1310 |
1310 |
8/5/2013 |
Other |
E-mail |
10/31/2013 |
8/5/2013 |
|
|
Broward Health Medical Center |
FL |
|
960 |
960 |
10/01/2012 - 12/31/2012 |
Unauthorized Access/Disclosure |
Desktop Computer |
10/31/2013 |
10/31/2013 |
|
|
HOPE Family Health |
TN |
|
6932 |
6932 |
8/4/2013 |
Theft |
Laptop |
10/31/2013 |
8/4/2013 |
|
|
University of California, San Francisco |
CA |
|
3553 |
3553 |
9/9/2013 |
Theft |
Laptop, Paper |
10/31/2013 |
9/9/2013 |
|
|
Santa Clara Valley Medical Center |
CA |
|
579 |
579 |
09/14/2913 - 09/15/2013 |
Theft |
Laptop |
10/31/2013 |
10/31/2013 |
|
|
Sarah Benjamin, DPM - Littleton Podiatry |
CO |
|
3512 |
3512 |
8/27/2013 |
Theft |
Laptop |
10/31/2013 |
8/27/2013 |
|
|
Holy Cross Hospital, Inc. |
FL |
|
9900 |
9900 |
8/14/2013 |
Theft, Unauthorized Access/Disclosure |
Desktop Computer, network server |
10/31/2013 |
8/14/2013 |
|
|
North Country Hospital and Health Center, Inc |
VT |
|
550 |
550 |
9/18/2013 |
Theft |
Laptop |
10/31/2013 |
9/18/2013 |
|
|
Sierra View District Hospital |
CA |
|
1009 |
1009 |
07/01/2013 - 08/02/2013 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
10/31/2013 |
10/31/2013 |
|
|
Hankyu Chung, M.D. |
CA |
|
2182 |
2182 |
6/17/2013 |
Theft |
Laptop |
10/31/2013 |
6/17/2013 |
|
|
Paul G. Klein, DPM |
NJ |
|
2500 |
2500 |
10/1/2013 |
Theft |
Laptop |
11/13/2013 |
10/1/2013 |
|
|
Hospital for Special Surgery |
NY |
|
537 |
537 |
3/19/2013 |
Theft |
Desktop Computer, Paper |
11/13/2013 |
3/19/2013 |
|
|
Superior HealthPlan, Inc. |
TX |
|
6284 |
6284 |
10/4/2013 |
Other |
Paper |
11/13/2013 |
10/4/2013 |
|
|
Mount Sinai Medical Center |
NY |
|
1586 |
1586 |
8/6/2013 |
Improper Disposal |
Paper |
11/13/2013 |
8/6/2013 |
|
|
Mount Sinai Medical Center |
NY |
|
610 |
610 |
8/1/2013 |
Loss |
Other Portable Electronic Device |
11/13/2013 |
8/1/2013 |
|
|
UnityPoint Health Affiliated Covered Entity ("UnityPoint") |
IA |
|
1825 |
1825 |
02/01/2013-08/27/2013 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
11/13/2013 |
11/13/2013 |
|
|
Group Health Cooperative |
WA |
|
1015 |
1015 |
9/16/2013 |
Other |
Paper |
11/13/2013 |
9/16/2013 |
|
|
Hope Community Resources, Inc. |
AK |
|
1556 |
1556 |
8/19/2013 |
Unauthorized Access/Disclosure |
E-mail |
11/13/2013 |
8/19/2013 |
|
|
Rose Medical Center |
CO |
|
606 |
606 |
06/28/2013 - 07/16/2013 |
Improper Disposal |
Paper |
11/13/2013 |
11/13/2013 |
|
|
Rotech Healthcare Inc. |
FL |
|
10680 |
10680 |
11/26/2010 - 10/01/2013 |
Unauthorized Access/Disclosure |
Laptop |
12/16/2013 |
12/16/2013 |
|
|
Comprehensive Psychological Services LLC |
SC |
|
3500 |
3500 |
10/28/2013 |
Theft |
Laptop |
12/16/2013 |
10/28/2013 |
|
|
Spirit Home Health Care, Corp |
FL |
|
603 |
603 |
9/19/2013 |
Improper Disposal |
Paper |
12/16/2013 |
9/19/2013 |
|
|
Greater Dallas Orthopaedics, PLLC |
TX |
|
5840 |
5840 |
8/30/2013 |
Theft |
Desktop Computer |
12/16/2013 |
8/30/2013 |
|
|
Martin Luther King Jr. Health Center, Inc. |
NY |
|
37000 |
37000 |
9/23/2009 |
Unauthorized Access/Disclosure |
Network Server |
12/16/2013 |
9/23/2009 |
|
|
Reimbursement Technologies, Inc. |
PA |
|
2300 |
2300 |
05/01/2013 - 07/26/2013 |
Unauthorized Access/Disclosure |
Network Server |
12/16/2013 |
12/16/2013 |
|
|
Genesis Rehabilitation Services |
PA |
|
1167 |
1167 |
8/30/2013 |
Loss |
Other Portable Electronic Device |
12/16/2013 |
8/30/2013 |
|
|
Barnabas Health Medical Group |
NJ |
|
1100 |
1100 |
9/24/2013 |
Theft |
Laptop |
12/16/2013 |
9/24/2013 |
|
|
Blue Cross and Blue Shield of North Carolina |
NC |
|
687 |
687 |
10/14/2013 |
Unauthorized Access/Disclosure |
Paper |
12/16/2013 |
10/14/2013 |
|
|
UHS-Pruitt Corporation |
GA |
|
1300 |
1300 |
9/26/2013 |
Theft |
Laptop |
12/16/2013 |
9/26/2013 |
|
|
United Dynacare, LLC dba Dynacare Laboratories |
WI |
|
9328 |
9328 |
10/22/2013 |
Theft |
Other Portable Electronic Device |
12/16/2013 |
10/22/2013 |
|
|
Scottsdale Dermatology, LTD |
AZ |
All Source Medical Management |
1456 |
1456 |
01/01/2013 -10/04/2013 |
Theft |
Other |
12/16/2013 |
12/16/2013 |
|
|
Redwood Memorial Hospital |
CA |
|
1039 |
1039 |
11/6/2013 |
Loss |
Other Portable Electronic Device |
12/16/2013 |
11/6/2013 |
|
|
DaVita, a division of DaVita HealthCare Partners Inc |
CO |
|
11500 |
11500 |
9/6/2013 |
Theft, Other |
Laptop |
12/16/2013 |
9/6/2013 |
|
|
Colorado Health & Wellness, Inc |
CO |
|
651 |
651 |
9/4/2013 |
Theft, Unauthorized Access/Disclosure |
Electronic Medical Record |
12/16/2013 |
9/4/2013 |
|
|
David DiGiallorenzo, D.M.D. |
PA |
|
2600 |
2600 |
9/17/2012 |
Unauthorized Access/Disclosure, Hacking Incident |
Network Server, Electronic Medical Record |
12/16/2013 |
9/17/2012 |
|
|
Lee D. Pollan, DMD, PC |
NEW YORK |
|
19178 |
19178 |
11/06/2012-11/15/2012 |
Theft |
Laptop |
|
11/06/2012 |
|
|
The Feinstein Institute for Medical Research |
NEW YORK |
|
13000 |
13000 |
09/02/2012 |
Theft |
Laptop |
|
09/02/2012 |
|
|
Servicios Medicos Integrados de Fajardo |
PUERTO RICO |
T & P Consulting, Inc. d/b/a Quantum Health Consulting |
10000 |
10000 |
01/11/2012 |
Loss |
Laptop, Other Portable Electronic Device |
|
01/11/2012 |
|
|
Columbia University Medical Center and NewYork-Presbyterian Hospital |
NEW YORK |
|
4929 |
4929 |
10/12/2012-10/15/2012 |
Theft |
Desktop Computer |
|
10/12/2012 |
|
|
CenterLight Healthcare |
NEW YORK |
|
642 |
642 |
01/27/2012 |
Unauthorized Access/Disclosure |
E-mail |
|
01/27/2012 |
|
|
WYATT DENTAL GROUP, LLC |
LOUISIANA |
|
10271 |
10271 |
11/04/2011 -04/15/2012 |
Theft, Unauthorized Access/Disclosure |
Electronic Medical Record |
|
11/04/2011 |
|
|
DFA, Employee Benefits Division |
ARKANSAS |
Health Advantage |
7039 |
7039 |
10/13/2012 - 10/27/2012 |
Other |
Paper |
|
10/13/2012 |
|
|
Titus Regional Medical Center |
TEXAS |
|
5700 |
5700 |
03/27/2012 |
Loss, Unknown |
Laptop |
|
03/27/2012 |
|
|
Health Advantage |
ARKANSAS |
|
2863 |
2863 |
10/13/2012 - 10/27/2012 |
Other |
Paper |
|
10/13/2012 |
|
|
University of New Mexico Health Sciences Center |
NEW MEXICO |
|
2365 |
2365 |
05/21/2012 |
Hacking/IT Incident |
Network Server |
|
05/21/2012 |
|
|
Pousson Family Dentistry |
LOUISIANA |
|
1400 |
1400 |
12/03/2012 |
Theft |
Laptop |
|
12/03/2012 |
|
|
Baptist Health System |
ARKANSAS |
Health Advantage |
811 |
811 |
10/13/2012-10/27/2012 |
Other |
Paper |
|
10/13/2012 |
|
|
Original Medicine Acupuncture & Wellness, LLC |
NEW MEXICO |
|
540 |
540 |
09/07/2012 - 09/09/2012 |
Theft |
Laptop |
|
9/7/2012 |
|
|
Litton & Giddings Radiological Associates, P.C. |
MISSOURI |
PST Services, Inc |
13074 |
13074 |
07/31/2012 - 08/02/2012 |
Improper Disposal |
Paper |
|
7/31/2012 |
|
|
Visiting Nurse Services of Iowa |
IOWA |
|
1298 |
1298 |
05/27/2012 |
Theft |
Paper |
|
5/27/2012 |
|
|
Washington University School of Medicine |
MISSOURI |
|
1105 |
1105 |
11/28/2012 |
Theft |
Laptop |
|
11/28/2012 |
|
|
University of Nevada School of Medicine |
NEVADA |
|
1483 |
1483 |
10/11/2012 |
Improper Disposal |
Paper |
|
10/11/2012 |
|
|
County of San Bernardino Department of Public Health |
CALIFORNIA |
|
1370 |
1370 |
09/28/2012 - 09/30/2012 |
Unauthorized Access/Disclosure |
Paper |
|
9/28/2012 |
|
|
AccentCare Home Health of California, Inc. |
CALIFORNIA |
|
1000 |
1000 |
04/20/2012 - 04/21/2012 |
Unauthorized Access/Disclosure |
E-mail |
|
4/20/2012 |
|
|
El Centro Regional Medical Center |
CALIFORNIA |
Digital Archive Management |
501 |
501 |
11/07/2012 |
Theft, Improper Disposal |
Network Server, Paper |
|
11/07/2012 |
|
|
Molalla Family Dental |
OREGON |
|
4354 |
4354 |
05/17/2012 |
Unauthorized Access/Disclosure, Hacking/IT Incident, Other |
Network Server |
|
05/17/2012 |
|
|
St. Elizabeth's Medical Center |
MASSACHUSETTS |
|
6831 |
6831 |
02/01/2012 |
Loss |
Paper |
|
02/01/2012 |
|
|
Children's Hospital Boston |
MASSACHUSETTS |
|
2159 |
2159 |
03/25/2012 |
Theft |
Laptop |
|
03/25/2012 |
|
|
New Mexico Oncology Hematology Consultants, Ltd |
NM |
|
12354 |
12354 |
11/13/2013 |
Theft |
Laptop |
|
11/13/2013 |
|
|
South Carolina Health Insurance Pool |
SC |
De Loach & Williamson |
3432 |
3432 |
10/16/2013 |
Theft |
Laptop |
|
10/16/2013 |
|
|
L.A. Gay & Lesbian Center |
CA |
|
59000 |
59000 |
09/17/2013 - 11/08/2013 |
Hacking/IT Incident |
Network Server |
|
9/17/2013 |
|
|
Rob Meaglia, Dds |
CA |
|
1400 |
1400 |
12/16/2013 |
Theft |
Desktop Computer |
|
12/16/2013 |
|
|
Wyoming Department Of Health |
WY |
|
11935 |
11935 |
10/16/2013 |
Unauthorized Access/Disclosure |
Network Server |
|
10/16/2013 |
|
|
Terrell County Health Department |
GEORGIA |
|
18000 |
18000 |
01/09/2012 - 04/17/2012 |
Unauthorized Access/Disclosure |
Network Server |
|
1/9/2012 |
|
|
Carolinas Medical Center - Randolph |
NORTH CAROLINA |
|
5600 |
5600 |
03/11/2012 - 10/08/2012 |
Hacking/IT Incident |
E-mail |
|
3/11/2012 |
|
|
Florida Healthy Kids Corporation |
FLORIDA |
DentaQuest of Florida, LLC |
3667 |
3667 |
11/01/2012-12/20/2012 |
Unauthorized Access/Disclosure |
Paper |
|
11/1/2012 |
|
|
Coastal home Respiratory, LLP |
GEORGIA |
|
3440 |
3440 |
10/04/2012 |
Theft |
Other |
|
10/04/2012 |
|
|
Miami Beach Healthcare Group Ltd. dba Aventura Hospital and Medical Center |
FLORIDA |
|
2560 |
2560 |
01/01/2012 - 09/12/2012 |
Theft |
Electronic Medical Record |
|
1/1/2012 |
|
|
Baptist Health System |
ALABAMA |
|
1655 |
1655 |
03/08/2012 |
Improper Disposal |
Paper |
|
03/08/2012 |
|
|
Volunteer State Health Plan, Inc. |
TENNESSEE |
|
1102 |
1102 |
03/16/2012-04/20/2012 |
Loss |
Paper |
|
3/16/2012 |
|
|
Vidant Pungo Hospital |
NORTH CAROLINA |
|
1100 |
1100 |
10/04/2012 |
Improper Disposal |
Paper |
|
10/04/2012 |
|
|
Jackson Health System |
FLORIDA |
|
566 |
566 |
05/26/2011 - 02/18/2012 |
Other |
Paper |
|
5/26/2011 |
|
|
St. Joseph Health System |
CALIFORNIA |
|
31798 |
31798 |
02/01/2011-02/13/2012 |
Unauthorized Access/Disclosure |
Network Server |
|
2/1/2011 |
|
|
Advanced Data Processing, Inc. |
FLORIDA |
Advanced Data Processing, Inc. |
32000 |
32000 |
06/15/2012 -10/01/2012 |
Theft |
Desktop Computer |
|
6/15/2012 |
Incident involved PHI from: 1st response Medical Transport Corp.; City of North College Hill; Okaloosa County Public Safety; Sumner County Emergency Medical Services; City of Seguin - Fire/EMS Department; City of Overland Park Fire Department; Osceola County EMS; City of Gloucester, Fire Department; Washington County EMS; City of Covington Kentucky Fire Department; Sandoval County Fire Department; Frederick County Division of Fire Rescue; Village of North Palm Beach Fire Rescue; Bonham Fire Department; North Lake Tahoe Fire Protection District; Tahoe Douglas Fire Protection District; McAlester Fire/EMS; City of Blue Springs EMS; City of Azle Fire Department; City of Casselberry; Harris County Emergency Corps; Valparaiso Fire Department; City of Victoria Fire Department; City of Yuma; City of Atlanta/ Atlanta Fire Rescue Department; Omaha Fire & Rescue; City of Omaha; City of Berkeley; Cumberland County Hospital System, Inc.; Grady Health System; City of Los Angeles/Los Angeles Fire Dept.; City of Corona; City of Yuma; and City of Omaha |
|
Memorial Health System |
COLORADO |
|
6262 |
6262 |
05/01/2012 |
Loss |
Paper |
|
05/01/2012 |
|
|
Metcare of Florida, Inc. |
FLORIDA |
|
2557 |
2557 |
05/01/2012 - 05/02/2012 |
Theft |
Other Portable Electronic Device |
|
5/1/2012 |
|
|
Cabinet for Health and Family Services, Department for Community Based Services (Protection and Permanency) |
KENTUCKY |
|
2500 |
2500 |
07/20/2012 |
Unauthorized Access/Disclosure |
E-mail |
|
07/20/2012 |
|
|
Health Texas Provider Network - Cardiovascular Consultants of North Texas |
TEXAS |
|
2462 |
2462 |
03/16/2012 - 05/11/2012 |
Unauthorized Access/Disclosure |
Electronic Medical Record |
|
3/16/2012 |
|
|
Ochsner Health System |
LOUISIANA |
|
2088 |
2088 |
01/19/2012 |
Loss |
Other Portable Electronic Device |
|
01/19/2012 |
|
|
City of Joliet |
ILLINOIS |
Quality Health Claims Consultants, LLC |
1573 |
1573 |
10/08/2013 |
Unauthorized Access/Disclosure |
E-mail |
|
10/08/2013 |
|
|
City of Chicago |
ILLINOIS |
|
2080 |
2080 |
06/18/2013 - 10/07/2013 |
Unauthorized Access/Disclosure |
Network Server |
|
6/18/2013 |
|
|
Medical Mutual of Ohio |
OHIO |
|
643 |
643 |
10/16/2013 - 10/17/2013 |
Unauthorized Access/Disclosure |
Paper |
|
10/16/2013 |
|
|
Kaiser Foundation Hospital- Orange County |
CALIFORNIA |
|
49000 |
49000 |
09/25/2013 |
Loss |
Other Portable Electronic Device |
|
09/25/2013 |
|
|
Molina Healthcare of Texas, Inc. |
TEXAS |
|
2826 |
2826 |
10/01/2013 |
Other |
Paper |
|
10/01/2013 |
|
|
Jones Chiropractic and Maximum Health |
INDIANA |
|
1500 |
1500 |
10/13/2013 |
Theft |
Desktop Computer |
|
10/13/2013 |
|
|
Ronald Schubert MD PLLC |
WASHINGTON |
|
950 |
950 |
11/22/2013 |
Theft |
Laptop |
|
11/22/2013 |
|
|
North Carolina Department of Health and Human Services - Division of State Operated Health Care Facilities |
NORTH CAROLINA |
|
1315 |
1315 |
08/13/2013 |
Unauthorized Access/Disclosure |
Other |
|
08/13/2013 |
|
|
Puerto Rico Health Insurance Administration (PRHIA) |
PUERTO RICO |
Triple S Salud Inc. |
13336 |
13336 |
09/20/2013 |
Unauthorized Access/Disclosure |
Paper |
|
09/20/2013 |
|
|
Triple-S Salud |
PUERTO RICO |
|
70189 |
70189 |
09/20/2013 |
Unauthorized Access/Disclosure |
Paper |
|
09/20/2013 |
|
|
Associated Urologists of North Carolina |
NORTH CAROLINA |
|
7300 |
7300 |
09/17/2012 - 09/17/2013 |
Other |
Other |
|
9/17/2012 |
|
|
Kemmet Dental Design |
NORTH DAKOTA |
|
2000 |
2000 |
11/10/2013 |
Theft, Other |
Paper |
|
11/10/2013 |
|
|
SSM St. Mary's Health Center |
MISSOURI |
Saint Louis University |
1300 |
1300 |
07/25/2013 |
Unauthorized Access/Disclosure |
E-mail |
|
07/25/2013 |
|
|
Good Samaritan Hospital |
CALIFORNIA |
|
3833 |
3833 |
07/08/2013 |
Theft |
Laptop |
|
07/08/2013 |
|
|
BRONX-LEBANON HOSPITAL CENTER |
NEW YORK |
PROFESSIONAL TRANSCRIPTION SERVICES |
10930 |
10930 |
09/23/2009 |
Unauthorized Access/Disclosure |
Network Server |
|
09/23/2009 |
|
|
SIU HealthCare |
ILLINOIS |
|
1891 |
1891 |
09/13/2013 - 10/15/2013 |
Theft, Loss |
Laptop |
|
9/13/2013 |
|
|
The Good Samaritan Health Center |
GEORGIA |
|
5000 |
5000 |
11/06/2013 |
Other |
Desktop Computer |
|
11/06/2013 |
|
|
UniHealth Source |
GEORGIA |
|
4500 |
4500 |
10/08/2013 |
Theft |
Laptop |
|
10/08/2013 |
|
|
Horizon Healthcare Services, Inc., doing business as Horizon Blue Cross Blue Shield of New Jersey, and its affiliates |
NEW JERSEY |
|
839711 |
839711 |
11/01/2013 |
Theft |
Laptop |
|
11/01/2013 |
|
|
Walgreen Co. |
ILLINOIS |
|
17350 |
17350 |
09/18/2013 - 10/04/2013 |
Other |
Paper |
|
9/18/2013 |
|
|
Methodist Dallas Medical Center |
TEXAS |
|
44000 |
44000 |
09/01/2005 - 08/01/2013 |
Unauthorized Access/Disclosure |
Other |
|
8/1/2013 |
|
|
Florida Digestive Health Specialists |
FLORIDA |
|
4400 |
4400 |
03/06/2013 -09/09/2013 |
Unauthorized Access/Disclosure |
Desktop Computer |
|
3/6/2013 |
|
|
Northside Hospital, Inc. |
GEORGIA |
|
4879 |
4879 |
10/10/2013 |
Loss |
Laptop |
|
10/10/2013 |
|
|
Health Help, Inc. |
KENTUCKY |
|
535 |
535 |
10/15/2013 |
Theft |
Other Portable Electronic Device |
|
10/15/2013 |
|
|
Mosaic |
NEBRASKA |
|
3857 |
3857 |
10/11/2013 |
Other |
E-mail |
|
10/11/2013 |
|
|
New Jersey Department of Human Services |
NEW JERSEY |
Island Peer Review Organization |
9642 |
9642 |
10/18/2013 |
Loss |
Other Portable Electronic Device |
|
10/18/2013 |
|
|
Fairfax County, Virginia |
VIRGINIA |
Molina Healthcare In |
1499 |
1499 |
09/09/2013 - 10/03/2013 |
Unauthorized Access/Disclosure |
Network Server |
|
9/9/2013 |
|
|
Shiloh Medical Clinic |
MONTANA |
|
1900 |
1900 |
11/08/2013 |
Unauthorized Access/Disclosure |
Desktop Computer, E-mail |
|
11/08/2013 |
|
|
Tennova Cardiology |
TENNESSEE |
Colby DeHart |
2777 |
2777 |
10/21/2013 |
Theft |
Laptop |
|
10/21/2013 |
|
|
Tranquility Counseling Services |
NORTH CAROLINA |
|
1683 |
1683 |
11/01/2013 |
Other |
Paper |
|
11/01/2013 |
|