California officials have received more than 800 reports of health data breaches in the first five months after a new state law went into effect January 1.
The law requires health care organizations in California to report suspected unauthorized breaches of a patient’s personally identifiable health information, whether intentional or unintentional, to the California Department of Public Health. Of the cases reported, which also include complaints from patients, officials have conducted full investigations of 122 cases so far and confirmed 116 as actual breaches. The breaches run the gamut from unintentionally faxing a patient’s chart or test reports to the wrong phone number to intentional snooping by workers. Most of the breaches reported so far have been unintentional.
Officials can fine offending organizations or individuals up to $250,000 for a breach, depending on the nature of the breach and the extent of the harm it caused, the Journal reports.
http://www.wired.com/threatlevel/2009/07/health-breaches/
MIAOULIS NOTE: The recently passed ARRA/HITECH legislation adds a breach notification requirement on all covered entities.