4500 Patient Records Found During Drug Bust

Posted on June 12, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In the healthcare world, it seems that HIPAA privacy violations & HIPAA Lawsuits are the car accidents that people can’t resist checking out. In most cases, people in healthcare are mostly interested to see what happened with the HIPAA violation and what the consequences were for that violation. In fact, these violations wake people up to the HIPAA policies better than any other means, but I digress.

Since this blog is called EMR and HIPAA, I try and cover various HIPAA related issues I hear about in the news. Today’s HIPAA breach is pretty crazy. It was discovered during a drug bust by the Alameda County Sheriff’s department. During the drug related investigation they found information for 4,500 patients from three hospitals: Alta Bates Summit, Sutter Delta, and Eden Medical Center.

Sutter Health posted a notice about the breach. The notice says that the information could have included: a patient’s name, Social Security number, date of birth, gender, address, zip code, home phone number, marital status, name of employer and work phone number. Sutter has offered free credit monitoring services for those patients who are involved. Plus, they have a hotline set up for those who have questions.

This situation is a bit unique since it seems they haven’t been able to identify exactly which hospital the patients are from. If that’s the case, then releasing all of the patient data to all 3 hospitals could be a breach as well, no? I’m good with making sure you notify everyone on the list that could be affected. They should be notified, but I’d be interested to know which parts of the 4,500 patients was shared with which hospital.

I wonder if large organizations like Sutter Health are creating a permanent department for breaches.