10. Eisenhower Medical Center
Thanks to the Aug. 2009 Breach Notification Rule included in the Health Information Technology for Economic and Clinical Health (HITECH) Act, HIPAA-covered entities and associated businesses are required to provide notification following a data breach of protected health information (PHI). Groups reporting breaches that compromised the PHI of 500 individuals or more must be posted by the Department of Health and Human Services (HHS). Since the 2009 rule, 489 HIPAA-covered entities have reported breaches involving 500 individuals or more. Here is a collection of the nation’s biggest HIPAA breaches. Data from the Department of Health and Human Services.
Individuals Affected: 514,330
When: March 11, 2011
The Rancho Mirage, Calif.-based hospital reported stolen an unencrypted computer containing patient names, ages, dates of births, partial Social Security numbers and the hospital’s medical record number. Hospital officials did not discover the computer had been stolen until March 14, 2011.