A busy week, especially for breaches

Aside from a $43 billion merger, support for expanded telehealth, the first “wearable record,” new FDA guidance and a startup from the former head of the Office of the National Coordinator for Health IT, privacy and security news populated our headlines.

ONC’s chief privacy officer, Joy Pritts, is stepping down amid reports of several data breaches. A stolen unencrypted USB drive is the source of a breach affecting almost 34,000 patients of Santa Rosa Memorial Hospital in California. And, human error was the cause of two breaches at Rady Children’s Hospital-San Diego when an employee inadvertently emailed four job applicants a spreadsheet containing identifiable information of 14,121 patients admitted to Rady’s Hospital between July 1, 2012 and June 30, 2013.

Meanwhile, a report revealed that since 2009, the Department of Health & Human Services (HHS) has reported more than 1,000 medical record breaches affecting 500 or more individuals.

Those breaches have cumulatively impacted 31.7 million individuals. Causes include theft (529 breaches); unauthorized access and disclosure (165 breaches); unknown/other (113 breaches); loss of data (102 breaches); hacking (76 breaches); and improper disposal (42 breaches).

States with the most breaches include California (110); Texas (82); and Florida (65).

Speaking at a recent American Bar Association conference, HHS Chief Rights Counsel Jerome Meites said he expects penalties for HIPAA violations to increase significantly next year, according to an article in The Hill. Since 2013, the agency has received more than $10 million for alleged HIPAA violations.

Are more penalties the remedy for all these breaches? Something needs to break the cycle.

Beth Walsh

Clinical Innovation + Technology editor