The U.S. Department of Health & Human Services posted a new list of data breaches affecting 500 or more people. What jumps out from the list is the variety of breach sources — including desktop computers, laptops, backup tapes, and paper documents. Facilities currently assessing their security policies and procedures might first look in these places to shore up vulnerabilities.
Some of the greatest hits from this lengthy list:
- 9,309 records lost from a Missouri facility via desktop computer theft.
- 10,000 records lost from a Michigan vendor via theft of backup tapes.
- 359,000 records lost from a Florida facility via laptop theft.
- 596 records lost from a Massachusetts facility via paper documents.
Many breaches occurred via portable electronic devices, HHS also notes. What’s your policy concerning people who bring thumb drives to work? What will your policy be in the future, considering that patients may be toting their own personal health records on thumb drives? All these questions need to be addressed in this new era of HIPAA accountability.