Podiatry Coding & Billing Alert

Most breaches involve unauthorized access.

Despite all the focus on cyber security and hacking incidents, the reported large breaches this February have reinforced the concern that paper records can cause just as much trouble in your HIPAA compliance as your electronic systems and devices.

In February, there were 17 total breaches affecting 500 or more individuals, according to the HHS Office for Civil Rights (OCR) “Wall of Shame.” As usual, healthcare providers accounted for the vast majority of the reported breaches, with 11 incidences, followed by three breaches from health plans and another three from business associates.

Most (eight) reported breaches involved unauthorized access/disclosure, while theft accounted for five breaches. Two breaches stemmed from hacking/IT incidents and another two were due to loss.

For the reported “location of breached information,” the breaches in February were a mixed bag. Five breaches involved paper/films, three involved network servers, and two involved laptops. Other locations included email (two breaches), electronic medical record (one), desktop computer (one), and “other” (three).

By far, the largest breach occurred at healthcare provider Radiology Regional Center in Florida, affecting 483,063 individuals. The breach occurred due to loss of paper/films. You can view the OCR’s “Wall of Shame” at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.