The following incidents were all added this past week to HHS’s public breach tool. Unfortunately, I can find no notices or documentation online to explain them:
Specialty Clinics Of Georgia – Orthopaedics reported that 2,350 patients were affected by a breach on June 26, 2014 involving “Theft, Paper.”
St John’s Episcopal Hospital in New York reported that its business associate, Emdeon, was involved in a breach that affected 566 patients. The date of the breach is listed as July 24, 2012. I hope that’s a typo, but in the absence of information…. The breach was coded as “theft, paper.”
The WellPoint Affiliated Covered Entities in Indiana reported that 1,464 people were affected by a breach on April 1 that was coded as “Unauthorized Access/Disclosure” of paper records. Wellpoint did not respond to an email inquiry sent to them about the breach, so we don’t know if this was a mailing error or what.
But what all three breaches have in common is that they involve “Paper.” Not as news-sexy to most reporters as hacks or malware, but this is a useful reminder that there is still, and probably always will be, a lot of protected health information in paper format, and it needs to be rigorously protected.
If anyone has/finds additional details about these incidents, please use the Comments section below to let me know.