Exam 1
Ross
October 16, 2018
library(dplyr)
library(tidyverse)
library(“tm”)
library(“SnowballC”)
library(“RColorBrewer”)
library(“wordcloud”)
library(lubridate)
library(sqldf)
##
## Attaching package: 'dplyr'## The following objects are masked from 'package:stats':
##
## filter, lag## The following objects are masked from 'package:base':
##
## intersect, setdiff, setequal, union## -- Attaching packages ------------------------------------------------------- tidyverse 1.2.1 --## v ggplot2 3.0.0 v readr 1.1.1
## v tibble 1.4.2 v purrr 0.2.5
## v tidyr 0.8.1 v stringr 1.3.1
## v ggplot2 3.0.0 v forcats 0.3.0## -- Conflicts ---------------------------------------------------------- tidyverse_conflicts() --
## x dplyr::filter() masks stats::filter()
## x dplyr::lag() masks stats::lag()## Loading required package: NLP##
## Attaching package: 'NLP'## The following object is masked from 'package:ggplot2':
##
## annotate##
## Attaching package: 'lubridate'## The following object is masked from 'package:base':
##
## date## Loading required package: gsubfn## Loading required package: proto## Loading required package: RSQLite## Parsed with column specification:
## cols(
## `Name of Covered Entity` = col_character(),
## State = col_character(),
## `Covered Entity Type` = col_character(),
## `Individuals Affected` = col_integer(),
## `Breach Submission Date` = col_character(),
## `Type of Breach` = col_character(),
## `Location of Breached Information` = col_character(),
## `Business Associate Present` = col_character(),
## `Web Description` = col_character()
## )
## Parsed with column specification:
## cols(
## `Name of Covered Entity` = col_character(),
## State = col_character(),
## `Covered Entity Type` = col_character(),
## `Individuals Affected` = col_integer(),
## `Breach Submission Date` = col_character(),
## `Type of Breach` = col_character(),
## `Location of Breached Information` = col_character(),
## `Business Associate Present` = col_character(),
## `Web Description` = col_character()
## )## row col
## [1,] 772 41.1 This document is intended to replace the previous report for all data breaches of covered entities impacting at least 500 people. The goal is for this document to be more interactive by adding interactive charts and graphs as well as summary statistics and the requisite analytics.
1.2 The data for both the resolved and under investigation breaches describes multiple matters concerning the entity and it’s breach including: the organization breached, the number of people affected, where the information was stored, when the breach was reported and how it happened, as well as which state the organization is in. Whether or not any business associates were involved, and sometimes a description of the breach and it’s resolution.
1.3 My current approach is to divide the data by several variables such as time, type, size, and location to glean more insights into the nature of the data without having to create too many unique datasets.
1.4 My analysis will allow readers to quickly answer some of the likely questions they may have regarding the data and determine areas for further research. For instance, it becomes quickly apparent that more [Healthcare] data breaches occur on Fridays than any other day, and by more than double the next highest.
## [1] "Largest Healthcare Data Breaches"##
## 1055489
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 1
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1062509
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 1
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1100000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 1
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1220000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 1
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1421107
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 1
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1700000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 1
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 1900000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 1
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 2000000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 1
##
## 2213597
## 21st Century Oncology 1
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 3466120
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 1
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 3620000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 1
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 3900000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 1
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 4029530
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 1
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 4500000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 1
## Community Health Systems Professional Services Corporations 1
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 1
## Xerox State Healthcare, LLC 0
##
## 4900000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 1
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 10000000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 1
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 11000000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 0
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 1
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
##
## 78800000
## 21st Century Oncology 0
## Advocate Health and Hospitals Corporation, d/b/a Advocate Medical Group 0
## Anthem, Inc. Affiliated Covered Entity 1
## AvMed, Inc. 0
## Banner Health 0
## CareFirst BlueCross BlueShield 0
## Community Health Systems Professional Services Corporation 0
## Community Health Systems Professional Services Corporations 0
## Excellus Health Plan, Inc. 0
## GRM Information Management Services 0
## IBM 0
## Iowa Health System d/b/a UnityPoint Health 0
## Medical Informatics Engineering 0
## Montana Department of Public Health & Human Services 0
## Newkirk Products, Inc. 0
## Premera Blue Cross 0
## Science Applications International Corporation (SA 0
## The Nemours Foundation 0
## University of California, Los Angeles Health 0
## Xerox State Healthcare, LLC 0
## [1] "Breaches by Entity Type"##
## 2009 2010 2011 2012 2013 2014 2015 2016 2017
## Business Associate 3 43 45 40 64 77 12 20 20
## Health Plan 1 21 19 23 18 41 60 50 52
## Healthcare Clearing House 0 0 1 1 2 0 0 0 0
## Healthcare Provider 14 134 134 154 193 194 195 256 287
##
## 2018
## Business Associate 30
## Health Plan 36
## Healthcare Clearing House 0
## Healthcare Provider 205
## <<SimpleCorpus>>
## Metadata: corpus specific: 1, document level (indexed): 0
## Content: documents: 2445
##
## [1] NA
## [2] NA
## [3] NA
## [4] NA
## [5] NA
## [6] NA
## [7] NA
## [8] NA
## [9] NA
## [10] NA
## [11] NA
## [12] NA
## [13] NA
## [14] NA
## [15] NA
## [16] NA
## [17] NA
## [18] NA
## [19] march roxsan pharmaci inc cover entiti ce report ocr impermiss disclosur electron protect health inform ephi occur januari employe ce email spreadsheet contain ephi attorney repres employe busi associ spreadsheet contain ephi approxim individu ephi includ patient inform insur inform prescript inform physician name ce determin disclosur impermiss made purpos treatment payment health care oper ce provid notic hhs individu notif media notif ocr obtain document individu media breach notif ocr also obtain document show ce took follow step respons breach ocr’ correspond investig ce updat polici procedur address use disclosur phi safeguard phi deidentifi phi employe sanction noncompli hipaa employe respons breach sanction counsel better safeguard phi prevent futur breach incid employe ce retrain updat polici procedur
## [20] NA
## [21] NA
## [22] NA
## [23] NA
## [24] NA
## [25] NA
## [26] NA
## [27] NA
## [28] NA
## [29] NA
## [30] NA
## [31] NA
## [32] NA
## [33] NA
## [34] NA
## [35] NA
## [36] NA
## [37] NA
## [38] decemb cover entiti ce coplin health system report passwordprotect unencrypt laptop comput issu parttim employe stolen automobil employe notifi law enforc ce immedi notifi inform technolog depart theft inquiri determin employe store protect health inform phi laptop use access use ce’ onlin electron health record ehr system email system ce elimin risk laptop contain phi save prior user time theft ce encrypt polici place requir laptop issu employe encrypt ce immedi cancel credenti issu employe enabl access system includ ehr system ce’ depart monitor ’ system sign unauthor access expect indefinit ce counsel employe polici procedur regard secur laptop follow breach ce ensur everi laptop inventori either encrypt remov activ servic ce also began implement mobil devic manag solut will allow remot wipe chsown devic might lost stolen futur ocr obtain copi ce’ current risk assess breach notif affect individu copi hipaa polici procedur ocr obtain assur ce implement correct action list
## [39] NA
## [40] NA
## [41] NA
## [42] NA
## [43] molina healthcar inc cover entiti ce made error prepar mail list busi associ ba merril communic llc use sent letter molina beneficiari octob octob result error ba sent letter deliv incorrect beneficiari breach affect individu type protect health inform phi list letter includ beneficiaries’ name member identif number date servic name beneficiaries’ physician ce sent time breach notif hhs affect individu media also offer affect individu month free ident theft protect mitig breach ce conduct outreach campaign collect copi misdirect mail sanction retrain respons employe ocr obtain assur ce implement correct action list
## [44] NA
## [45] NA
## [46] NA
## [47] NA
## [48] NA
## [49] NA
## [50] NA
## [51] NA
## [52] cover entiti ce file initi breach report error investig ocr learn breach ce go busi longer ce
## [53] unauthor sourc access state assess comput server locat maintain outsid vendor server contain state assess inform includ name social secur number current former client cover entiti ce oklahoma depart human servic result ocr’ technic assist ce provid breach notif hhs affect individu media post substitut notif websit due ocr’ investig ce enter busi associ agreement outsid vendor ocr obtain assur ce implement correct action note ce also began research possibl creat hipaa hybrid entity”
## [54] NA
## [55] NA
## [56] NA
## [57] NA
## [58] NA
## [59] cover entiti ce famili cosmet dentistri rocki report septemb learn busi associ ba document shred vendor proper secur contain held paper record shred document contain clinic demograph financi inform fell contain transport back shred facil ce abl recov document certain whether document recov ce provid breach notif hhs potenti affect individu media also suspend agreement ba retain differ ba conduct shred servic ocr also provid ce technic assist regard privaci rule polici procedur
## [60] NA
## [61] NA
## [62] cover entiti ce brevard physician associ report breach three comput stolen facil one comput contain protect health inform phi individu phi includ name clinic inform insur inform ce provid breach notif hhs affect individu media post substitut notic websit cours investig ce initi procedur remot wipe content stolen computer’ hard drive connect internet ce pledg begin encrypt data rest comput ce also instal number addit physic safeguard surveil camera lock deter prevent unauthor access ocr obtain polici procedur ce concern access control administr physic technic safeguard
## [63] aetna cover entiti ce report busi associ ba real time health quot llc insur produc use unsecur cloud storag applic store protect health inform phi aetna determin individu affect breach protect health inform includ name date birth social secur number medic histori well bank account credit card inform part investig ocr review ce’ busi associ agreement ba ce provid breach notif hhs media affect individu offer affect individu free credit monitor termin relationship ba addit ce conduct review cloud storag applic use among similar bas will provid train use applic
## [64] NA
## [65] septemb busi associ ba complet batch mail outreach letter behalf cover entiti ce kaiser foundat health plan ce subsequ receiv report patient receiv patient outreach letter review file use ba reveal address entir batch superimpos result patient receiv letter intend anoth patient phi breach includ demograph inform patients’ name address ce provid breach notif hhs affect individu media respons ocr’ investig ce work ba ensur secondari qualiti assur check ba sourc file now place ad manag ce final check signoff list prior letter mail ocr obtain assur ce implement correct action note
## [66] septemb emerg coverag corpor cover entiti ce discov two box remitt advic form fell back up truck type protect health inform phi includ form patients’ name address date birth health insur polici number diagnost code descript servic render full partial social secur number breach affect individu ce provid breach notif hhs affect individu media notif requir less affect individu resid singl geograph region respons breach ce review polici procedur perform risk assess offer ident theft insur coverag affect individu ocr obtain assur ce implement correct action list
## [67] NA
## [68] NA
## [69] NA
## [70] august cover entiti ce carolina oncolog specialist receiv correspond credit card compani address three patient use ce’ address septemb one three patient report suspici credit card transact ce ce investig found perpetr fraudul transact former employe access patient file contain name address birthdat social secur number medic inform former employe legitim access file employe unclear mani record access unauthor manner respons breach ce notifi polic initi intern investig polic identifi employe prime suspect misus patient inform open fraudul credit card account ce found unauthor access network electron medic record day immedi preced incid prevent incid futur ce implement addit technic safeguard better track user network limit exposur protect health inform granular control ce provid breach notif hhs affect individu media also post substitut notic websit ce briefli delay provid notif base law enforc request ocr obtain assur ce implement correct action note
## [71] NA
## [72] NA
## [73] NA
## [74] NA
## [75] unauthor user gain access four employees’ email account phish attack breach includ protect health inform individu includ name address date birth financi inform diagnost inform follow breach cover entiti implement twofactor authent email system train employe cybersecur ocr review cover entity’ risk analysi ensur complianc secur rule
## [76] lsu health care servic divis cover entiti ce report prior workforc member improp use jobbas access view protect health inform phi approxim patient august march type phi involv breach includ clinic demograph financi inform follow breach ce provid breach notif hhs affect individu media ce also implement access monitor system sole remain hospit ocr obtain assur ce implement correct action note well written assur ce will retrain staff
## [77] NA
## [78] dr kraig r pepper pa cover entiti ce report copilot provid support servic copilot suffer data secur incid expos protect health inform phi patient ce electron phi ephi includ patients’ name address date birth claim inform diagnosi social secur number follow breach ce provid breach notif hhs media affect individu result ocr’ investig ce execut busi associ agreement copilot revis author form regard permit disclosur phi ce also provid one year ident theft protect servic affect individu ce expect perform thorough accur risk analysi establish risk manag plan execut agreement busi associ document impermiss disclosur affect patient’ phi account disclosur purpos ce expect perform technic nontechn evalu respons environment oper chang affect secur ephi establish extent ce’ secur polici procedur meet requir hipaa secur rule
## [79] NA
## [80] NA
## [81] NA
## [82] NA
## [83] NA
## [84] NA
## [85] NA
## [86] late june employe morehead memori hospit cover entiti ce began report suspici phish email inform technolog depart contract forens investig navig consult ce found two employe email account compromis protect health inform phi individu expos expos phi includ treatment inform payment inform name busi report diagnost inform individu social secur number well respons breach ce reset password employe account ce also ad phish inform employe train materi creat intern websit improv report notif secur incid ce also verbal remind employe direct involv compromis account vigil care email attach ce provid breach notif hhs affect individu media post substitut notic websit ocr obtain assur ce implement correct action note respons breach morehead initi master password reset employe account supplementari inform phish ad employe train materi intern websit creat better report notif secur incid employe sanction howev direct involv compromis account verbal remind vigil care open email attach morehead provid time compliant breach notif hhs affect individu promin media outlet affect jurisdict substitut notic post morehead’ websit time compliant manner well
## [87] august cover entiti ce premier medic associ receiv four websit submiss inform patient get suspici “phishing” email ce attach request protect health inform phi ce investig incid discov suspici email come person gmail account determin websit misconfigur made webmast juli inadvert permit access public misconfigur correct august ce termin contract servic webmast ce ad email fraud alert everi page websit place fraud alert phone system sent messag patient patient portal inform patient fraudul email ce creat list anyon made submiss websit order determin type inform access may view web page juli august determin breach affect individu ce provid breach notif hhs affect individu media ce elimin capabl websit viewer make type onlin submiss patient portal ce reach contact googl bing submiss remov internet confirm august ce develop sever new polici regard websit administr secur privaci ocr review copi ce’ current risk assess breach notif affect individu well copi relev polici procedur ocr obtain assur ce implement correct action list
## [88] cover entiti ce communiti famili care medic group ipa inc submit breach report subsequ addendum report discov least two former contract physician impermiss disclos member protect health inform phi competitor independ physician associ ipa accord ce members’ phi contract physician disclos competitor ipa includ name address date birth social secur insur identif number health insur inform well treatment diagnosi relat inform contract physicians’ action affect individu ce notifi affect individu complet media notif provid notif hhs ocr provid ce technic assist regard ce’ oblig safeguard phi ensur met breach notif rule oblig
## [89] august four employe cover entiti ce abb inc’ health plan victim email phish scheme potenti expos name date birth address social secur number insur member identif number individu ce provid breach notif hhs affect individu media time breach current ce train employe hipaa polici procedur polici place concern suspici email respons breach ce strengthen technic secur polici procedur implement addit secur measur email system protect email cyberattack ocr obtain assur ce implement correct action list
## [90] septemb cover entiti ce kaiser foundat health plan discov physician riversid medic center scan daili schedul date servic august august contain patient inform includ name medic record number procedur type patient physician inadvert email inform extern gmail account belong physician follow breach ce reprogram devic use scanemail document issu longer possibl email leav ces inform technolog network devic ce provid notif hhs affect individu media pursuant breach notif rule follow breach ce retrain physician missent phi issu breach ocr obtain assur ce implement correct action note
## [91] NA
## [92] NA
## [93] juli medcert inc busi associ ba multipl health plan learn protect health inform phi public access sever onlin search engin includ bing googl expos phi includ name address birthdat employ inform case manag report individu well social secur number ba provid breach notif hhs affect individu time compliant manner media substitut notic requir follow breach ba discov exposur caus subcontractor alentus host fail reactiv firewal softwar updat result “webcrawlers” infiltr subcontractor’ comput network stole electron phi post onlin respons breach ba immedi contact subcontractor close vulner ba subcontractor ba agreement baa place result breach subcontractor ceas respond ba’ request inform ba end busi relationship subcontractor acquir servic anoth web host compani hipaacompli ba agreement ba contact search engin abl confirm phi remov public access ocr provid technic assist ba regard ba agreement requir hip aa obtain written assur ba implement correct action list
## [94] NA
## [95] juli cover entiti ce hand upper extrem center dba hand rehabilit specialist inform hacker group dark overlord may breach comput network ce report notic ventura counti sheriff high tech task forc began forens inform technolog investig consult feder bureau investig investig ongo date law enforc found evid inform leav ces system howev unauthor access rule abund caution ce provid breach notif hhs affect individu media follow breach ce chang password updat access control log updat email polici procedur ad technic administr secur improv ocr obtain assur ce implement voluntari correct action note
## [96] NA
## [97] NA
## [98] metroplus health plan inc cover entiti ce report breach phi employe email excel spreadsheet famili member’ person email address phi contain electron protect health inform ephi member includ demograph inform limit medic inform social secur number ce provid breach notif hhs affect individu media follow breach ce sanction employe ensur ephi delet person email address devic use employee’ famili member remind workforc member use person email account conduct ce’ busi ce also document impermiss disclosur members’ ephi account disclosur purpos result ocr’ investig extens technic assist provid ce expect perform thorough accur enterpris wide risk analysi establish risk manag plan regular review record inform system activ implement secur measur guard unauthor access ephi transmit electron communic network ocr state expect ce will provid period secur train workforc member safeguard ephi transmiss polici procedur regard breach notif
## [99] NA
## [100] NA
## [101] northeast obgyn associ cover entiti “ce” report keylogg virus comput network captur inform key ce’ system month ce report protect health inform phi individu involv breach type phi includ demograph financi clinic inform ce notifi affect individu media cours investig ocr determin ce retrain staff implement technic procedur chang prevent similar event occur futur
## [102] institut women’ health cover entiti ce report keylogg virus comput network captur inform key ce’ system month protect health inform phi individu involv breach type phi includ demograph financi clinic inform ce notifi affect individu media investig ocr provid technic assist concern risk analysi ce subsequ provid base technic assist ocr ce updat implement technic procedur chang prevent similar event occur futur retrain staff
## [103] NA
## [104] june cover entiti ce lake hospit system inc dba lake health discov paper log birth occur tripoint medic center’ obstetr ob depart miss breach affect name medic record number patient health complic patient drug screen inform individu ce provid breach notif hhs affect individu media well provid substitut notic websit also creat tollfre hotlin contact addit inform offer free ident theft protect follow breach ce retrain ob staff hipaa polici procedur stop use paper ob log book requir manualpap log within entiti convert electron secur format elimin also requir depart director implement secur plan assur log inform safeguard develop director level train use ob log incid case studi train directorsdepart leader ocr obtain document assur ce implement correct action describ
## [105] juli juli o’neil print inc busi associ ba wellcar health plan inc accident sent mislabel envelop contain insur membership identif card incorrect address mistak discov juli expos name address birthdat membership number affect individu respons breach ce ba investig caus breach find problem name convent ba’ file process caus name address member becom mismatch problem prompt fix ba implement addit verif step prevent similar problem futur ce provid time breach notif hhs affect individu media outlet throughout state missouri also mail selfaddress stamp envelop individu receiv mislabel mail along explan return incorrectlyreceiv inform ocr obtain assur ce implement correct action list
## [106] NA
## [107] NA
## [108] NA
## [109] NA
## [110] sport spine rehabilit cover entiti ce report june remot access cyber attack success execut ransomwar attack encrypt data store comput server potenti affect individu type protect health inform phi involv includ patients’ name address date birth social secur number medic inform ce immedi shut comput network contract lore system inc perform full secur sweep server infrastructur perform number correct action lore system inc inform ce attack infect “cloud” server point file encrypt ce’ virtual offic server vos map network drive ce confirm encrypt file limit just data folder vos server ce provid breach notif hhs affect individu media ce hire provendatarecoverycom restor file origin locat ensur comput server environ clean ce indic manual scan across devic perform per week devic protect onaccess ondemand scan ocr review copi ce’ polici procedur use disclosur phi safeguard ce’ risk analysi train program secur measur implement address risk vulner ocr obtain assur ce implement correct action list
## [111] NA
## [112] NA
## [113] cover entiti ce christin d collin apc ann hofstad md inc discov third parti may gain unauthor access comput system email access credenti belong employe wrong acquir result cybersecur attack may ce’ investig determin employee’ email account subject unauthor access may may breach involv protect health inform phi individu includ name address date birth social secur number medic inform respons breach incid ce immedi disabl account reset credenti impact user account implement twofactor authent email access updat polici procedur ce provid breach notif hhs affect individu media ocr provid technic assist regard ce’ oblig conduct comprehens current secur risk analysi along implement correspond risk managementmitig plan address find risk analysi report
## [114] NA
## [115] NA
## [116] NA
## [117] NA
## [118] NA
## [119] cover entity’ ce comput server infect ransomwar server contain protect health inform approxim individu type protect health inform involv breach includ diagnost inform ce provid breach notif hhs affect individu follow breach ce disabl remot access server upgrad antimalwar softwar result ocr’ investig ce conduct risk analysi implement risk manag plan
## [120] NA
## [121] NA
## [122] NA
## [123] NA
## [124] NA
## [125] NA
## [126] baptist medic south cover entiti ce lost hard drive use store backup electroencephalogram eeg test result breach affect individu type protect health inform phi drive includ patients’ name date birth hospit medic record number physicians’ order diagnos room number eeg imag result ce provid breach notif affect individu media hhs also post notif websit respons breach ce initi secur incid procedur review surveil video footag interview employe ce also revis procedur relat hard drive storag updat polici addit ce improv physic technic safeguard includ use encrypt ce also train staff updat polici procedur ocr provid ce technic assist breach start date breach report ocr obtain assur ce implement correct action list
## [127] NA
## [128] NA
## [129] cover entiti ce atchafalaya intern medicin associ report malwar attack desktop comput may compromis protect health inform phi patient investig ocr learn owner ce close busi march ocr receiv notif owner atchafalaya intern medicin associates’ healthcar busi activ entiti ceas entiti longer oper busi ocr verifi offic telephon number servic entity’ websit longer exist secretari state show entiti file sinc februari circumst atchafalaya intern medicin associ longer cover entiti subject requir hipaa
## [130] NA
## [131] NA
## [132] cover entiti ce tampa bay surgeri center notifi fbi may patient inform post onlin base ce’ intern investig determin cyberattack known “ dark overlord” compromis remot access inform system stole spreadsheet contain name date birth address social secur number individu ce provid breach notif hhs affect individu media post notic websit respons breach ce substanti revis technic secur safeguard includ access control ocr obtain assur ce implement correct action list
## [133] NA
## [134] famili tree health clinic cover entiti ce report ransomwar attack comput system result system encrypt data held ransom ce determin demograph financi clinic inform individu involv breach ce provid breach notif hhs affect individu media ce also implement technic safeguard updat procedur retrain staff ocr obtain assur ce implement correct action note
## [135] NA
## [136] NA
## [137] cover entiti ce rutland region medic center sent patient survey via email recent discharg patient recipient’ email address place “” line email make recipient’ email address contain name visibl recipi email address line three duplic leav patient email address disclos ce provid breach notif hhs affect individu media ce also set assist help line individu might addit question result ocr’ investig ce revis polici regard use disclos protect health inform send patient email addit ce retrain staff hipaa polici ocr obtain assur ce implement correct action note
## [138] NA
## [139] may cover entiti ce bay area pain well center discov electromyographi emg machin stolen employe car laptop comput attach emg contain electron protect health inform ephi approxim patient ephi includ patient name date birth laptop password protect encrypt ce provid breach notif hhs affect individu media well provid substitut notif respons breach ce retrain employe privaci secur rule polici encrypt employees’ laptop updat secur rule polici prohibit employe leav comput comput bag unattend public area ocr provid ce technic assist regard breach notif secur rule risk analysi risk manag provis
## [140] krichev famili medicin pc report ransomwar virus attack electron medic record system april possibl affect individu virus remov patient record restor backup copi type phi involv includ name social secur number address patient identif number prescript inform diagnos medic procedur histori time date treatment krichev famili medicin work ami e carter md cove famili sport medicin llc provid breach notif hhs affect individu media also provid substitut notif websit breach report file krichev famili medicin pc ami e carter md consolid review cove famili sport medicin llc will includ investig relat entiti ransomwar incid
## [141] ami e carter md report ransomwar virus attack electron medic record system april possibl affect individu virus remov patient record restor backup copi type protect health inform phi involv includ name social secur number address patient identif number prescript inform diagnos medic procedur histori time date treatment ami e carter md work krichev famili medicin pc cove famili sport medicin llc provid breach notif hhs affect individu media also post notic websit breach report file ami e carter md krichev famili medicin pc consolid review cove famili sport medicin llc will includ investig relat entiti ransomwar incid
## [142] NA
## [143] busi associ ba sent mail contain protect health inform phi damag transit page miss upon receipt miss page contain phi individu includ member identif number date servic claim number amount bill amount paid health plan cover entiti ce tennesse rural health improv associ investig incid gather inform intend recipi packag mail vendor us postal servic miss page found ce provid breach notif hhs affect individu media also set toll free telephon number answer question follow breach ce began reduc number mail sent provid encourag particip electron payment system work vendor improv safeguard mail ocr determin ce appropri ba agreement place ba ocr obtain assur ce implement correct action list
## [144] cours review subject breach report ocr decid consolid matter review separ breach report file merci famili medicin aris incid
## [145] NA
## [146] north dakota depart human servic cover entiti ce report breach hhs discov workforc member dispos document includ protect health inform phi dumpster document contain phi belong individu phi includ individuals’ first last name date birth medicaid provid number identifi date servic diagnosi code procedur code bill inform ce notifi affect individu promin media outlet breach ce also post substitut notif websit workforc member respons breach resign lieu termin ce train staff proper dispos phi result ocr’ technic assist ce revis polici concern safeguard phi provis privaci train sanction polici disclosur phi mitig polici provid ocr written assur will train member workforc updat polici
## [147] NA
## [148] workforc member cover entiti ce advanc ent head neck surgeri surreptiti took pictur patient record convers patient made paper copi patients’ legal identif payment inform paper medic record workforc member also stole sever mobil devic contain electron protect health inform ephi case post breach inform social media account breach affect approxim individu type phi ephi involv includ clinic demograph financi inform ce provid breach notif hhs also notifi enforc agenc jurisdict breach incid respons breach ce discov around may ce adopt encrypt technolog improv password requir updat secur rule risk manag plan implement new technic safeguard improv physic secur revis hipaa polici procedur ce also sanction involv workforc member case includ termin employ ocr close investig case accept investig depart justic
## [149] may arizona depart health servic cover entiti ce report packag bill document contain protect health inform phi lost mail packag contain phi approxim individu newborn screen program type phi involv breach includ name date birth address phone number health insur inform possibl social secur number ce provid breach notif affect individu media hhs follow breach investig ce switch mail carrier use ship bill inform pursuant ocr’ investig ce improv physic safeguard implement new polici procedur mail ocr obtain assur ce taken action
## [150] NA
## [151] begin around march employe cover entiti ce beacon health system impermiss access emerg room er patient record work bill depart employe access protect health inform phi er patient includ address date birth name social secur number age room number claim inform bill account invoic health insur ill chief complaint ce provid breach notif hhs affect individu media also provid credit monitor affect individu follow breach ce sanction employe accord sanction polici investig found larg number ces staff either complet hipaa train complet portion train ocr request ce updat hipaa train polici audit polici respons ce provid ocr document action took includ redraft hipaa train polici updat audit polici provid evid daili audit log run
## [152] septemb cyberattack sent phish email cover entiti ce augusta univers medic center inc obtain employe user name password cyberattack access employees’ selfservic portal purpos redirect paycheck cyberattacker’ bank account breach affect protect health inform phi individu includ one follow address date birth medic record number insur inform prescript inform treatment inform individu social secur number respons incid ce chang user password close affect email account issu secur alert staff member immedi chang password ce provid breach notif hhs affect individu media also establish dedic call center one year free credit monitor affect individu ce enhanc secur implement twofactor authent remot connect email subject tag system log collect correl tool ce provid addit train spot phish email deploy mean automat quarantin suspici email messag correct softwar identifi suspici internet address quick ocr confirm ce implement correct action list
## [153] april cover entiti ce mississippi divis medicaid discov begin may employe use wufoo onlin servic creat post onlin form ce’ extern websit public use form secur ce’ wufoo’ websit encrypt email wufoo ce’ employe form request protect health inform phi beneficiari form inform transmit via unencrypt email across public internet ce unabl determin whether third parti inappropri access form inform contain email ce busi associ agreement baa wufoo phi contain unsecur form includ beneficiari potenti applicants’ name address email enrol date medicaid andor medicar identif number social secur number phone number clinic inform health plan approxim peopl affect breach ce provid breach notif hhs affect individu media also provid substitut notic websit follow breach ce cancel wufoo account conduct audit activ contract ensur proper baa also revis purchas polici privaci secur polici train staff new polici addit ce structur privaci offic posit report direct ce’ execut director counsel employe involv breach ocr obtain assur ce implement correct action list
## [154] cmh physician store protect health inform person websit approxim individu affect breach breach includ name date birth diagnos condit icd code order prevent similar breach happen futur cmh review updat polici creat new onlin cours retrain employe physician receiv monetari sanction conduct addit counsel cmh sent breach notic affect individu sent media notic kansa citi star provid notic via cmh’s websit cmh provid document action took matter
## [155] NA
## [156] may cover entiti ce kennewick general hospit dba trio health report one workforc member impermiss access protect health inform phi outsid scope job respons breach potenti affect individu type phi involv breach includ patient name social secur number address date birth driver’ licens number lab result medic inform treatment inform diagnos medic condit follow breach investig breach sanction involv workforc member implement safeguard includ place addit restrict access phi result ocr’ investig ce conduct review polici procedur determin potenti risk phi electron phi revis polici retrain workforc
## [157] cover entiti ce pacif ocean pediatr report breach three comput two extern hard drive stolen ce’ offic clean crew member left exterior door unlock breach affect approxim individu ce’ patient parent patient protect health inform phi includ name address date birth phone number sex insur inform entir chart medic histori patient includ symptom test diagnosi prescript ce immedi report theft law enforc ce provid time breach notif hhs affect individu media substitut notic also provid ce consult profession implement addit protect measur prevent similar breach occur futur follow incid ce improv physic secur facil instal firewal encrypt electron devic store phi adopt new revis polici procedur safeguard phi ce train workforc member new revis polici ocr obtain assur ce implement correct action note ocr also provid ce technic assist regard risk analysi risk manag provis secur rule
## [158] NA
## [159] cover entiti ce report singl provid practic target ransomwar attack affect record ce’ bill schedul program march affect record electron medic record program march type protect health inform phi involv breach includ name address date birth medic inform driver licens number social secur number insur claim inform individu ce provid breach notif hhs affect individu media ce thorough investig incid assist third parti expert ensur system secur recov affect data ce took number addit measur safeguard elect phi use uniqu credenti level system access password protect workstat revis level access staff chang remot access system ce began select cloudbas vendor replac present system intent migrat electron medic record new platform ocr review ce’ polici procedur use disclosur phi safeguard copi risk analysi secur measur implement address risk vulner ocr obtain assur ce implement correct action list
## [160] NA
## [161] may cover entiti ce report march discov person access comput server deploy ransomwar prevent ce’ employe access data server server contain patients’ clinic inform diagnos condit treatment inform affect approxim individu ce provid notif hhs affect individu media also report matter clinton counti ohio prosecutor’ offic clinton counti administr prevent similar breach happen futur ce decommiss affect server migrat cloud solut upgrad antivirus softwar manag solut monitor help desk staff ce also updat polici procedur regard password implement softwar restrict polici train workforc polici procedur regard hipaa safeguard phi ocr obtain document assur ce implement correct action note
## [162] mecklenburg counti north carolina cover entiti ce disclos multipl digit storag disk ie dvds contain protect health inform phi respond public record request two media outlet breach affect individu phi includ patients’ name inform regard servic receiv lab result medic record number patients’ address date birth ce provid time breach notif hhs affect individu media ce also post notif breach websit respons breach ce revis hipaa polici procedur revis train modul retrain staff alloc fund purchas softwar hardwar improv manag futur public record request ocr provid technic assist ce regard requir element breach notif notic ocr obtain assur ce implement correct action list
## [163] aerocar hold cover entiti ce discov employe sent email impermiss disclos ident email recipi contain protect health inform phi breach affect individu phi contain email identifi recipi user cpap devic ce sent time breach notif hhs affect individu media respons breach ce prepar incid report revis polici procedur email sanction respons employe ocr obtain assur ce implement correct action list
## [164] NA
## [165] NA
## [166] NA
## [167] NA
## [168] NA
## [169] memori hospit clinic south report breach comput malwar ieransomwar found network server breach affect protect health inform phi individu includ clinic demograph inform specif type phi involv breach includ address birthdat driver licens number name social secur number diagnosescondit lab result medic treatment inform review consolid anoth review cover entiti
## [170] seminol hospit district gain counti texa cover entiti ce victim ransomwar attack share comput server memori hospit clinic west mhcw memori hospit clinic south mhcs part ce result attack protect health inform phi approxim patient mhcw patient mhcs held ransom type phi involv breach includ demograph clinic inform ce provid breach notif hhs affect individu media follow breach ce retrain staff deploy addit softwar block ransomwar attack ocr obtain assur ce implement correct action note
## [171] cover entiti ce orthodont specialist green bay report breach base unauthor access one doctor’ email account occur april april unauthor individu access doctor’ email account monitor communic receiv financi gain pose doctor request control send fund various account breach email account contain electron protect health inform ephi affect individu includ name treatment inform immedi follow breach ce contact feder bureau investig fbi initi investig cover entiti provid breach notif hhs affect individu media ce direct contractor investig sever breach investig conclud one doctor’ email account breach ce requir employe chang password creat new password manag polici ocr obtain assur ce implement correct action note
## [172] NA
## [173] april three iowa veteran home employe mistaken provid credenti respons phish email cover entity’ ce migrat microsoft googl email breach potenti affect protect health inform phi individu includ full name social secur number date birth address driver’ licens clinic inform ce provid time breach notif hhs affect individu media ce retrain staff initi test twofactor email authent staff custom ocr obtain assur ce implement correct action list
## [174] NA
## [175] NA
## [176] western health screen contract hospit provid onsit blood screen hospitalsponsor health fair februari one employe en rout health fair portabl electron storag devic jump drive contain unsecur electron protect health inform ephi five laptop comput stolen employee’ car laptop encrypt jump drive type ephi involv breach includ name address zip code social secur number patient western health provid breach notif hhs affect individu media follow breach western health sanction employe involv retrain employe encrypt jump drive ocr obtain assur western health implement correct action note
## [177] NA
## [178] duplic case delet
## [179] workforc member fail encrypt email contain spreadsheet attach sent intend recipi unencrypt email contain protect health inform phi approxim individu includ name case number date servic medic procedur code cover entiti ce michigan depart health human servicesag adult servic agenc provid breach notif hhs affect individu media follow breach ce ensur staff complet mandatori agencywid hipaa train also follow involv staff person respons unencrypt email longer work agenc ce improv technic safeguard encrypt outgo email attach final ce initi review updat hipaa polici procedur ocr obtain document assur ce implement correct action note
## [180] NA
## [181] amedisi west virginia’ busi associ ba iron mountain subcontractor dm improp dispos two unlock shred bin contain protect health inform phi breach affect individu type phi involv includ name address date birth social secur number clinic inform cover entiti ce amedisi provid breach notif hhs affect individu media follow breach ba agre provid servic direct ce without use subcontractor ba also agre ensur proper secur measur taken dispos shred bin ocr obtain assur ce implement correct action list addit ocr review ce’ risk analysi ba agreement ensur complianc privaci secur rule
## [182] NA
## [183] april cover entiti ce carson valley medic center gardnervill nevada report spreadsheet contain protect health inform phi may compromis unauthor user result email scam electron phi includ name discharg date bill account number locat servic individu ce provid breach notif hhs affect individu media follow breach ce implement technic safeguard updat secur risk analysi train staff ocr provid technic assist regard hipaa secur rule
## [184] cover entiti ce univers oklahoma health scienc center report resid physician set univers email automat forward person email account protect health inform phi involv name medic inform date birth social secur number approxim individu result breach ce improv safeguard updat polici procedur train workforc member better practic protect phi ce provid breach notif hhs affect individu media cours investig ocr provid technic assist ce provid substitut notic individu notifi ocr obtain notic media provid ce obtain assur ce implement correct action list respons ocr’ data request breach report
## [185] februari women’ care somerset cover entiti ce sent promot email patient without blind copi recipi disclos email address individu ce investig incid determin email sent offic manag use unauthor email method follow breach ce sanction offic manag delet email disabl email account use send ce also revis electron mail use polici requir staff review revis polici retrain staff proper email use ce provid breach notif hhs affect individu media post substitut notic ce’ websit ocr obtain assur ce implement correct action list
## [186] abcd pediatr pa cover entiti ce report electron health record system hack ransomwar began encrypt protect health inform phi store server phi includ patient name address date birth social secur number drivers’ licens inform diagnos medic condit lab result medic treatment claim inform approxim individu affect breach ce took sever correct action step resolv issu rais breach report correct action taken includ close remot access termin servic requir workforc member use virtual privat network remot access ce also conduct audit disabl inact user account strengthen password requir implement account lockout polici investig ocr verifi ce implement encrypt laptop mobil devic ocr provid technic assist concern breach notif polici ce receiv revis version polici ce also revis polici regard period risk analys updat secur rule requir accord ocr’ technic assist
## [187] march cover entiti ce report februari laptop comput found infect virus known transmit inform third parti internet breach potenti affect approxim individu type protect health inform phi involv breach includ patients’ name address date birth social secur number clinic inform ce provid breach notif hhs affect individu media well post notif websit provid free credit monitor upon request ce revis polici procedur specif alleg breach ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [188] NA
## [189] NA
## [190] NA
## [191] staff member highland river communiti servic board cover entiti ce sent incorrect inform ce’ bill agent reli incorrect inform bill agent mail statement individu contain protect health inform phi wrong patient statement contain individual’ name account number date servic fess servic cumul balanc follow incid ce sanction staff member involv provid hipaa retrain review polici procedur result ocr’ investig ce creat new secur written procedur share phi vendor ce also provid breach notif hhs affect individu media respons technic assist provid ocr ce provid substitut notic websit person individu next visit ce servic
## [192] januari cover entiti ce rocki mountain health mainten organ inc mail letter contain protect health inform phi incorrect recipi type phi involv breach includ demograph inform last four digit social secur number date birth approxim individu ce provid breach notif hhs affect individu media follow breach ce investig caus breach revis relat hipaa polici procedur ocr obtain assur ce implement correct action note
## [193] workforc member erron sent email disclos protect health inform phi patient patient list email ce provid breach notif hhs affect individu media respons incid ce implement addit technic safeguard prevent similar situat retrain workforc member proper use email communic patient ocr obtain assur ce implement correct action note
## [194] NA
## [195] NA
## [196] NA
## [197] unauthor individu stole extern comput hard drive cover entiti ce denton heart group protect health inform phi potenti affect includ name address date birth social secur number approxim individu result breach ce improv safeguard train workforc member better practic protect phi ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [198] cover entiti ce virginia commonwealth univers health system detect unusu pattern access electron patient record two differ sourc confirm employe communiti physician employe contract vendor act independ access patient record without legitim busi need type protect health inform phi potenti view includ full name home address date birth medic record number provid visit date health insur inform diagnost treatment inform result incid respect employ sanction employe ce obtain assur former employe inappropri access electron medic record view without malici intent inform retain ce implement addit administr technic safeguard elimin option brows record limit inform display result search minimum necessari ce provid breach notif hhs media affect individu ocr obtain assur ce implement correct action list
## [199] januari box contain hard copi control substanc prescript written januari januari stolen unknown individu cvs cover entiti ce michigan citi indiana breach affect individu type protect health inform phi involv includ patients’ name date birth address medic name medic dosag prescript number prescrib inform ce provid breach notif affect individu media hhs follow breach ce retrain staff michigan citi locat addit ce’ manag conduct intern audit ensur patient record easili visibl wait custom access anyon stand outsid pharmaci ocr review ce’ polici procedur use disclosur phi safeguard phi obtain assur ce implement correct action note
## [200] cover entiti ce victim malwareransom attack electron protect health inform ephi involv breach includ name date birth address social secur number health care claim inform individu ce provid breach notif hhs affect individu media follow breach ce strengthen administr technic safeguard implement stronger password polici encrypt comput enhanc firewal antivirus protect electron system ocr’ investig result ce enhanc safeguard ephi
## [201] januari employe inadvert email attach contain patient invoic decemb six current patient person repres invoic contain patient name bill address account balanc invoic includ name dosag amount medic provid cover entiti ce saliba extend care pharmaci patient approxim individu affect breach ce discov inadvert email januari recal email sent recipi reach three recipi confirm open email messag request recipi perman delet email incid ce restrict workforc access folder contain patient invoic retrain bill staff proper method access email patient invoic hipaa polici procedur sanction employe sent email ce also develop secur onlin portal patient can direct retriev month invoic ce provid breach notif hhs affect individu media well substitut notif ocr provid ce technic assist regard risk analysi risk manag provis hipaa secur rule
## [202] februari workforc member cover entiti ce orang counti global medic center inadvert sent two medic statist report csection vagin birth unauthor recipi report contain one follow type protect health inform phi ces patient treatment diagnost inform medic record number date birth infant treat staff name treatment date ce reach unauthor recipi ask inform destroy delet hisher email ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action note indic ce expect complet enterprisewid secur risk analysi result incid
## [203] NA
## [204] ocr conduct investig breach report file dr stephen courtney august report former workforc member impermiss access approxim patients’ medic record plano orthoped sport medicin spine center posmc upon discov breach dr courtney file breach report hhs took step mitig harm result ocr’ investig ocr determin appropri cover entiti posmc
## [205] memphi va medic center mvamc cover entiti ce impermiss disclos protect health inform phi due print format chang caus wrong name associ address survey mail member breach incid includ name address individu ce provid breach notif affect individu media ce conduct full review incid reeduc staff regard appropri method handl secur mail phi set new process prevent similar situat reoccur counsel retrain staff privacyreleas inform polici ocr obtain assur ce implement correct action note
## [206] sharp memori hospit cover entiti ce report unencrypt laptop comput unencrypt extern hard drive use store electron protect health inform ephi stolen secur storag area ephi patient store hard drive time theft ephi includ individuals’ name date birth prescript inform famili medic histori respons breach incid ce notifi affect individu breach notifi promin media outlet breach ensur presenc encrypt softwar laptop media storag devic updat relev polici procedur implement addit administr physic technic safeguard provid retrain workforc member facil breach occur result investig ocr state expect ce will complet thorough enterpris wide risk analysi implement comprehens risk manag plan
## [207] unauthor user obtain remot access comput system leo edward jr md cover entiti ce protect health inform phi potenti affect includ name address date birth social secur number medic inform approxim individu result breach ce improv secur postur updat polici procedur train workforc member better practic protect patient inform ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [208] NA
## [209] cover entiti ce west virginia univers hospit east inc report februari polic offic contact complianc offic indic individu report ident theft discov treat berkley medic center part ce breach affect individu includ demograph clinic inform ce discov employe handl individu admiss involv breach employe along individu alleg involv incid charg ident theft aggrav ident theft bank fraud produc fals ident document among charg count indict hand feder grand juri june forens review conduct ce’ thirdparti incid respons vendor fbi immedi follow event determin phi remov view ce’ electron network ce provid ocr kroll event report june provid updat confirm addit report ident theft made kroll sinc incid identifi crimin charg initi ocr review copi ce’ current risk assess ce provid breach notif hhs affect individu media also provid free credit monitor ocr obtain assur ce implement correct action list
## [210] allina health systemminneapoli heart institut cover entiti ce discov protect health inform phi place recycl bin empti instead shred plan breach discov januari affect approxim individu type phi involv includ name address date birth social secur number medicar identif number insur identif number clinic diagnos lab result ce provid breach notif affect individu hhs media follow breach ce implement new polici procedur train employe ocr obtain assur ce implement correct action note
## [211] NA
## [212] NA
## [213] januari cover entiti ce famili servic rochest discov unauthor user access comput server contain name address date birth social secur number approxim patient day ce discov breach termin access remot desktop compromis “programs” account ce also review account access comput drive ensur complianc password polici ce ensur account use past day disabl ce provid breach notif hhs affect individu media part risk analysi risk manag process ce also review revis hipaa polici procedur ocr obtain document assur ce implement correct action list
## [214] februari robert e torti md pa dba retina specialist cover entiti ce report protect health inform phi individu went miss type phi involv breach includ clinic demograph financi inform ce provid breach notif hhs affect individu media also notifi law enforc addit ocr obtain review evid ce implement improv administr physic safeguard enhanc physic secur measur revis procedur handl phi retrain staff
## [215] former employe found return box paper record contain protect health inform phi miss five year belong cover entiti ce hillsborough counti age servic depart phi includ name address social secur number enrol number financi inform clinic note individu ce review updat polici procedur prevent similar occurr futur formal procedur safeguard phi outsid offic use password protect lock case requir employe review implement new procedur ce also provid breach notif hhs affect individu media websit ocr obtain assur ce implement correct action list
## [216] NA
## [217] parttim clinic employe cover entiti ce st joseph’ hospit medic center digniti health facil arizona impermiss access protect health inform phi patient breach affect full name date birth diagnosescondit medic approxim individu ce provid breach notif hhs affect individu media also provid substitut notic follow breach ce sanction employe respons incid report employe licens board respons incid ce conduct thorough audit employee’ medic record access entir term employ oce obtain assur ce implement correct action list case sanction includ termin employ
## [218] februari univers care inc dba brand new day cover entiti report ocr unauthor individu download electron protect health inform ephi relat ces member ephi comput system maintain thirdparti vendor busi associ ba breach affect clinic demograph inform approxim individu follow breach incid ce obtain assur ba implement addit administr technic safeguard prevent unauthor access ephi futur ce provid breach notif hhs affect individu media also offer month free credit monitor servic affect individu ocr obtain assur ce implement correct action measur describ
## [219] NA
## [220] februari cover entiti ce california correct health care servic report workforc member sent email spreadsheet attach wrong recipi execut liaison california governor’ offic emerg servic last name intend recipi ce ask recipi delet email attach breach affect electron phi ephi approxim individu includ name california depart correct rehabilit identif number hous inform mental health relat inform health care provid inform ce provid breach notif hhs affect individu media respons breach ce retrain involv workforc member implement email encrypt ce also provid ocr addit document includ hipaa notic privaci practic polici relev breach investig ocr obtain assur ce implement correct action list
## [221] februari cover entiti ce bloom physic therapi llc dba physician physic therapi servic erron sent email regard chang ownership past current client email address mail visibl recipi email sent approxim individu may contain name portion email address ce provid breach notif hhs affect individu media ce revis polici procedur retrain staff ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [222] busi associ ba medic inform manag system llc mim sheridan healthcorp inc subsidiari part electron network valley anesthesiolog pain consult vapc suffer cyberattack third parti may gain unauthor access network includ ba’ comput server march vapc discov incid june identifi mim server may compromis juli mim ba first assist associ faa time provid bill collect servic incid compromis electron protect health inform ephi vapc also ephi regard individu mim server faa patient ocr open separ review vapc breach type ephi potenti access mim server includ patient name date birth address health insur inform clinic inform social secur number respons breach mimsvapc instal virtual privaci network vpn devic improv secur remot access network disabl compromis network account mimsvapc “blacklisted” internet address identifi incid block addit attempt actor access electron health record program ehr remot desktop protocol breach mimsvapc rebuilt compromis server implement central log key system whitelist servic provid internet address switch antivirus ehr program ba provid breach notif faa well hhs affect individu media howev notic hhs time ocr provid technic assist regard ba’ oblig conduct comprehens current secur risk analysi implement correspond risk managementmitig plan address find
## [223] NA
## [224] cover entiti ce walgreen sent improp format survey letter individu protect health inform phi visibl addresse window envelop visibl phi includ recent prescript histori clinic demograph data affect individu state follow breach ce conduct investig determin root caus breach revis qualiti control step mail contain phi retrain depart staff revis procedur ce provid breach notif hhs affect individu media post substitut notic home page websit ocr obtain document assur ce implement correct action note
## [225] NA
## [226] jefferi d rice odvis sourc cover entiti ce report decemb seven box contain past current patients’ protect health inform phi stolen warehous breach affect approxim individu type protect health inform phi involv breach includ contain name address social secur number medic diagnosescondit follow breach ce inventori storag unit note miss inform polic theft recov stolen phi review recov phi move offsit phi new locat ce provid breach notif hhs affect individu respons ocr’ investig ce revis polici use disclosur phi polici safeguard phi train staff updat polici ce also train employe regular check phi store site ocr obtain document action taken matter
## [227] januari wellcar health plan inc cover entiti ce submit breach report state summit reinsur reinsur ce experienc data secur event ocr review matter base review ocr determin violat hipaa law occur
## [228] employe cover entiti ce synergi specialist medic groupjay s berent open phish email caus patient receiv fals email ce breach email account affect individu individu ce impermiss disclos subset patient name email address fail blind copi name email address notifi patient fraudul email type protect health inform phi involv includ name address email address date birth treatment inform diagnos medic ce took immedi action secur email account began forens investig determin caus extent incid ce implement addit technic safeguard revis polici train workforc member improv secur prevent detect practic ocr obtain assur ce implement correct action note
## [229] januari cover entiti ce road foundat inc dba road communiti care clinic notic lock mailbox broken content insid mail box ce determin document includ explan benefit contract insur compani lost stolen incid breach affect approxim patient type protect health inform phi miss piec mail includ patients’ name claim number servic date various dollar amount includ bill allow deduct coinsur paid adjust withheld code claim balanc date birth half affect individu ce notifi local law enforc us postal servic usp respons incid instruct usp handdeliv mail busi hour ce staff member ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action note
## [230] NA
## [231] camera infant secur photo went miss nurs fail store camera normal secur locat roper st franci mount pleasant hospit breach affect protect health inform phi newborn patient type phi camera includ photograph patient patients’ last name date birth providers’ name respons breach decemb cover entiti ce end procedur take secur photo newborn staff member advis continu ensur safeti infant identifi appropri match bracelet util infant secur tag system educ famili januari ce implement inform servic secur incid respons procedur facilit time effect handl cybersecur comput incid train staff affect unit hipaa polici procedur ce provid breach notif hhs parent affect newborn media ce offer credit monitor ident protect servic affect individu establish call center relat breach ocr obtain assur ce implement correct action list
## [232] cover entiti ce stephenvill medic surgic clinic report employe accident email master list patient whose chart purg andor destroy unauthor recipi result impermiss disclosur protect health inform phi approxim individu phi includ demograph inform follow discoveri breach ce sanction employe respons breach implement addit safeguard revis updat polici procedur ocr provid technic assist regard individu media notif requir confirm ce complet requir breach notif ce also offer affect individu free credit monitor servic
## [233] NA
## [234] cover entiti ce report breach individuals’ electron protect health inform ephi laptop comput stolen workforc member’ unlock car decemb decemb type ephi involv breach includ diagnos condit lab result medic treatment inform ce provid breach notif hhs affect individu media provid ocr evid respond secur incid implement physic technic secur safeguard updat secur analysi sanction workforc member train entir staff ocr provid technic assist regard hipaa secur rule
## [235] cover entiti ce coven medic center discov employe access patients’ electron medic record februari novemb without appropri busi purpos breach affect clinic demograph financi inform approxim individu ce provid breach notif hhs affect individu media also offer affect individu credit monitor follow breach ce sanction involv employe retrain staff ocr obtain assur ce implement correct action list case sanction includ termin employ
## [236] unauthor user gain access employee’ email account phish attack automat forward employee’ email extern account breach includ protect health inform phi individu includ name address date birth social secur number clinic inform follow breach cover entiti ce associ cathol chariti ad addit protect softwar email system provid employe addit secur awar train addit ocr review cover entity’ risk analysi ensur complianc secur rule ocr obtain assur ce implement correct action list
## [237] due technic error data convers process cover entiti ce sent correspond patients’ incorrect address type protect health inform phi involv breach vari base correspond may includ full name former address birthdat claim inform diagnosescondit lab result medic treatment inform ce provid breach notif hhs affect individu media follow breach ce retrain staff correct address develop plan implement addit safeguard data convers ocr obtain document assur ce implement correct action note
## [238] cover entiti ce children’ hospit los angel report breach individuals’ electron protect health inform ephi result theft unencrypt laptop store workforc member’ vehicl park public park lot breach affect patient demograph inform name date birth medic record number address andor clinic inform follow breach respons ocr’ contact matter ce took correct action includ block laptop access ces intern comput network remind staff store laptop mobil devic vehicl ensur encrypt appl oper laptop implement new polici ce provid breach notif hhs affect individu media
## [239] cover entiti ce escambia counti alabama communiti hospit inc dba atmor communiti hospit discov unit secretari view medic record patient emerg depart outsid scope job duti record includ protect health inform patients’ name clinic inform ce provid breach notif hhs affect individu media respons breach ce sanction involv employe review record audit procedur implement addit access control mechan patient record emerg depart addit ce retrain employe ocr obtain assur ce implement correct action list case sanction includ termin employ
## [240] veriti medic foundat cover entiti ce report breach occur one websit wwwsanjosemedcom compromis use distribut malwar websit visitor breach affect approxim individu patient san jose medic group join ce type protect health inform phi involv includ name address date birth medic record number last digit credit card number ce provid breach notif hhs affect individu media also provid substitut notic upon discoveri breach ce immedi disabl websit prevent incid occur futur ocr obtain assur ce implement correct action list
## [241] NA
## [242] novemb offic dr david elbaum cover entiti ce discov paper copi patient protect health inform phi stolen third parti storag facil busi associ ba exact date theft known breach affect approxim individu includ clinic demograph inform ce provid breach notif hhs affect individu media also establish tollfre call center offer free credit monitor servic affect individu ce obtain assur ba implement addit physic safeguard facil follow breach ocr obtain assur ce implement correct action describ
## [243] employe lost mobil comput drive result breach protect health inform phi affect individu type phi involv breach includ name address date birth social secur number clinic inform follow breach ce sanction respons employe retrain employe secur awar implement administr technic safeguard includ malwar protect encrypt result ocr’ investig ce complet thorough risk analysi develop risk manag plan
## [244] cover entiti ce american urgent care center psc discov upon resign former employe took xray logbook octob log book contain name treatment date individu follow breach ce revis polici retrain staff includ provid manag ce also revis procedur elimin use paper xray log book result technic assist ocr ce provid breach notif hhs affect individu local newspap ocr obtain assur ce implement correct action list
## [245] januari cover entiti ce report novemb summit reinsur busi associ ba indic discov ransomwar one comput server breach affect approxim individuals’ protect health inform phi includ patients’ name address date birth provid name health insur claim inform ce provid breach notif hhs affect individu media also provid free credit monitor ce revis polici procedur relat natur breach ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [246] NA
## [247] cover entiti ce premier women’ health center discov novemb ehr server infect malwar affect electron protect health inform ephi individu inform store affect server includ name address date birth social secur number diagnosescondit lab result medic treatment inform ce abl disconnect server network data exfiltr ce provid breach notif hhs affect individu media ocr provid technic assist ce regard media notic perform risk analys respons breach ce improv technic safeguard inform system includ upgrad firmwar softwar ce also implement new hipaa polici retrain workforc may initi enterprisewid risk analysi aid legal counsel ocr obtain assur ce implement correct action list
## [248] NA
## [249] novemb busi associ ba summit reinsur notifi cover entiti ce primewest health data secur incid involv ce’ data breach affect approxim individu protect health inform includ patients’ name address date birth social secur number ba mitig breach take comput server offlin confirm ransomwar limit specif server ba also assess remov remot access data ransomwar ce provid breach notif media affect patient hhs ocr obtain document assur ce implement correct action list
## [250] novemb cyberattack access cover entity’ ce practic comput system deni access certain portion comput system ransom paid ce maryland medic center shut system util backup recov lost inform compromis inform consist correspond patient regard test result util patient name date birth social secur number document target virus affect approxim individu compromis ce put comput system safe mode conduct virus scan quarantin destroy comput virus ce confirm close system network password protect wifi ce implement procedur requir preapprov electron devic connect system requir firewal remot access virtual privat network vpn ce sanction employe respons breach retrain employe ocr review ce’ current risk assess obtain assur ce implement correct action list
## [251] NA
## [252] decemb advantag health solut cover entiti ce submit breach report state summit reinsur reinsur ce experienc data secur event ocr review matter base review ocr determin violat hipaa law occur
## [253] transact applic group inc busi associ ba cover entiti ce communiti health plan washington fail proper secur port comput network server use transfer electron file file transfer protocol ftp server result incid unauthor access electron protect health inform ephi maintain ba breach affect individu includ individuals’ name address date birth social secur number certain code inform relat health care claim ce provid breach notif affect parti media hhs offer one year free credit ident theft monitor ce also implement addit technic safeguard ocr obtain assur ce implement correct action list
## [254] octob cover entiti ce henri counti health depart learn nurse’ laptop comput paper record stolen car insid lock garag approxim individu affect breach demograph clinic inform ce provid breach notif hhs affect individu media follow breach ce reprimand employe involv breach record written warn addit ce issu polici relat safeguard laptop taken premis encrypt laptop workstat server updat privaci secur polici ocr obtain document assur ce implement correct action step note
## [255] earli august ransomwar infect desert care famili sport medicine’ dcfsm’s server encrypt data contain server dcfsm contact provid data doctor unabl break one two encrypt variant dcfsm also unabl recov patient data server dcfsm contact casa grand polic depart fbi notifi incid dcfsm unsur mani individu affect incid report breach affect individu abund caution dcfsm provid substitut media breach notif provid individu breach notif server inaccess due ransomwar attack retriev patients’ contact inform respons breach dcfsm ad offsit backup retrain employe obtain new server dcfsm close busi decemb januari anoth busi oper practic ocr provid dcfsm technic assist regard secur rule risk analysi risk manag provis
## [256] decemb alliant health plan inc cover entiti ce submit breach report state summit reinsur reinsur ce experienc data secur event ocr review matter base review ocr determin violat hipaa law occur
## [257] dentist cover entiti ce brodhead dental center encount suspici popup window work comput onlin make person transact indic patients’ protect health inform phi access result incid follow incid ce adopt encrypt technolog improv password secur updat secur plan implement technic safeguard also sanction involv workforc member improv polici procedur ocr obtain assur ce implement correct action note
## [258] NA
## [259] NA
## [260] NA
## [261] NA
## [262] octob cover entiti ce oak cliff orthopaed associ receiv call local polic state two box protect health inform phi pertain patient recov hotel locat texa box contain patients’ demograph financi clinic inform ce file polic report retriev box polic depart next day dec ce contract thirdparti vendor mail breach notif affect individu ce complet media notif offer affect individu one year free ident theft protect servic addit set call center assist individu question ce also improv physic secur ocr provid technic assist regard busi associ obtain document assur ce implement correct action note
## [263] octob stamitol dental center cover entiti ce unintent dispos box paper medic record public access dumpster potenti expos name date birth social secur number address telephon number clinic inform health insur inform individu paper medic record retriev ce follow morn ce provid time breach notif hhs affect individu websit media respons breach ce retrain workforc adopt new written polici govern proper destruct dispos paper record ocr obtain assur ce implement correct action list
## [264] comput server cover entity’ ce reinsur infect ransomwar march august make protect health inform phi access phi includ name address date birth social secur number clinic data pertain approxim individu ce submit breach report hhs caution even though reinsur busi associ ba ce provid evid ba necessari disclosur permit hipaa health care oper purpos reinsur provid breach notif affect individu ce sent notic media post substitut notic websit ce also retrain staff review ba agreement hipaa polici procedur ocr obtain document ce implement action list
## [265] busi associ ba zirm inc erron mail notic contain patients’ name date servic due program error subcontractor allison payment system ap breach affect approxim individu ce initi provid breach notif hhs affect individu follow breach cover entiti ce preventic servic llc work ba subcontractor correct program error add addit technic safeguard ocr confirm appropri ba agreement place prior breach provid technic assist regard media notif requir confirm ce complet requir breach notif includ post substitut notic websit
## [266] octob cover entiti ce meig counti em report detect ransomwar attack comput server hacker might acquir patients’ protect health inform phi breach affect approxim individu type phi involv breach includ demograph financi clinic inform ce provid breach notif hhs affect individu media respons breach ce implement physic administr technic safeguard ce also perform audit comput network account remov unnecessari stale account ocr obtain assur ce implement correct action note
## [267] individu broke cvs pharmaci whitevill nc hurrican matthew thief stole individu complet prescript type phi prescript includ name partial birthdat address medic name dose provid name prescript number cover entiti ce provid breach notif hhs affect individu media follow breach ce assess damag secur store prevent unauthor access ocr review ces polici procedur use disclosur phi safeguard phi determin complianc privaci rule ocr obtain assur ce implement correct action note
## [268] washington health system green home care report septemb employe email patient census list person home email account provid inform anoth home health agenc harmoni home care hhc list contain name address approxim homecar patient follow breach ce immedi sent attest destruct return patient inform letter hhc former employe ceo hhc sign attest return patient list indic letter return undeliver former employe indic copi patient list send list anyon els ce close oper octob ce provid breach notif affect individu hhs ce also file report pennsylvania state polic depart health ocr obtain assur ce implement correct action list
## [269] unauthor user obtain remot access comput system cover entiti ce seguin dermatolog protect health inform phi potenti affect includ name address date birth social secur number approxim individu result breach ce improv safeguard updat polici procedur train workforc member better practic protect phi ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [270] ocr open investig cover entiti ce louisiana health cooper inc report breach involv busi associ ba summit reinsur servic inc ba discov ransomwar server contain unencrypt electron protect health inform ephi approxim member ce ephi includ social secur number insur treatment inform demograph inform upon discoveri breach ba initi investig determin natur extent attack well assess system vulner ce provid breach notif hhs post substitut notic websit ba provid breach notif affect individu media ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [271] workforc member cover entiti ce glendal adventist medic center adventist health facil inappropri access medic record sever month employee’ person electron devic via remot connect breach affect individuals’ electron protect health inform ephi includ patients’ name address date birth social secur number medic diagnos ce provid breach notif affect individu media hhs follow breach respons ocr’ contact matter ce sanction employe revis sanction polici ocr obtain assur ce took correct action note ce also report ocr plan take measur increas administr technic safeguard ephi case ce’ sanction includ termin employ
## [272] NA
## [273] cover entiti ce former chief inform offic instruct former assist director copi file contain protect health inform phi client onto portabl comput drive subsequ former cio took drive new employ termin type phi involv breach includ name address date birth social secur number medicaid number diagnos ce provid breach notif hhs affect individu media result ocr’ investig ce revis procedur respect assign approv process access remov media addit ce conduct risk analysi establish risk manag plan manag reduc risk identifi risk analysi includ limit access remov drive result ocr investig expect implement technic secur measur guard unauthor access ephi review revis polici procedur train materi regard secur rule addit ce expect execut hipaacompli busi associ agreement exist busi associ septemb
## [274] NA
## [275] ambucor health solut busi associ ba cover entiti ce new mexico heart institut recov portabl electron devic “thumb” drive former employe contain protect health inform phi ce’ patient ba inform ce indic phi misus ce provid breach notif affect individu media hhs abund caution ba offer affect individu one year ident protect servic necessari relat recoveri servic million ident theft insur cost follow breach ce initi review updat hipaa secur process ocr obtain assur ce implement correct action note ce also confirm employe respons incid longer work access facil
## [276] busi associ ba ambucor health solut file separ breach report incid also report cover entiti ce akron general medic center ocr obtain copi ba agreement ce ba copi breach notif letter sent affect individu case consolid review ba
## [277] former employe busi associ ba ambucor health solut stole protect health inform phi cover entiti ce patient contain mobil comput drive type phi involv breach includ clinic demograph inform patient name date birth diagnos treatment affect individu ocr review ces ba agreement determin complianc privaci rule ocr obtain assur individu affect breach notifi accord breach notif rule
## [278] employe cover entiti ce lcs westminst partnership iv llp dba sagewood open email appear invoic direct ce actual locki variant ransomwar attack incid affect approxim individu type protect health inform phi involv incid includ name address date birth social secur number claim inform bill code clinic inform ce provid breach notif hhs affect individu media also provid substitut notic follow breach employe immedi report ce’ inform technolog servic ce contain elimin ransomwar threat within hour verifi file miss follow attack result incid ce upgrad antivirus softwar better detect new malwar threat conduct risk analysi assess threat electron phi result ocr’ investig ocr obtain written assur ce will updat polici procedur requir regular review inform system activ
## [279] NA
## [280] may busi associ ba ambucor health solut notifi cover entiti ce stoni brook internist univers faculti practic corpor member stoni brook organ health care arrang investig possibl breach activ former employe affect protect health inform phi ce’ patient includ demograph clinic inform novemb ba notifi ce addit patient affect breach ce ba provid breach notif hhs investig breach consolid exist review ba submiss ba report misus breach phi ocr obtain review copi ba agreement ce ba
## [281] employe cover entiti ce kalispel tribe indian cama center clinic gave “oncall” temporari administr assist ce’ facil yet train hipaa employee’ person login password inform assist use loginpassword inform access electron protect health inform ephi employee’ comput inform technolog depart learn impermiss access quick disabl employee’ login inform ephi share violat ce’ polici addit ephi assist also access paper phi breach affect approxim individu type phi ephi involv includ demograph financi clinic inform ce provid breach notif affect individu media hhs ce sanction employe pursuant polici impermiss share loginpassword inform retrain workforc member hipaa ocr obtain assur ce implement correct action measur describ
## [282] ocr open investig cover entiti ce north texa heart center report behalf busi associ ba ambucor law enforc discov mobil comput drive contain electron protect health inform ephi individu connect activ former employe ephi includ patients’ name date birth address social secur number laboratori result treatment inform upon discov breach ba work feder law enforc recov mobil devic ocr obtain draft copi bas breach notif individu media ba offer one year free credit monitor servic affect individu ocr initi separ investig ba
## [283] septemb cover entiti ce optum learn unencrypt portabl comput drive usb flash drive contain electron protect health inform ephi approxim individu lost accident destroy within us postal servic system mail septemb optum’ busi associ ba rothstein donatelli hugh dahlstrom schoenburg bienvenu law firm ephi consist name address date birth provid name diagnos plan id well partial full social secur number individu ces ba agreement law firm compliant privaci rule januari ce ceas engag new busi ba ocr obtain document correct action ocr open separ review ba
## [284] septemb cover entiti ce pinella counti board counti commission discov post file contain protect health inform phi extern websit access potenti vendor file contain date birth employe identif number dental plan coverag elect individu ce provid breach notif hhs affect individu media respons breach ce alter procedur solicit bid vendor phi longer involv addit ce retrain workforc sanction respons employe subsequ resign employ ce ocr obtain assur ce implement correct action list
## [285] NA
## [286] septemb busi associ ba emral inc notifi cover entiti ce luqu chiropract inc ba’ amazon s storag account subject unauthor access breach affect protect health inform phi approxim individu includ patients’ name date birth treatment locat treatment date social secur number driver’ licens number diagnos ce provid breach notif affect individu media hhs ce also provid free credit monitor affect individu ce termin busi relationship ba revis hipaa polici procedur ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [287] NA
## [288] secur research access cover entiti electron protect health inform ephi due vulner busi associ ba data storag system research report intend use disclos inform breach affect individu involv breach includ name address birthdat driver licens number social secur number clinic inform diagnos lab result medic ce provid breach notif hhs affect individu media follow breach ba return ephi cover entiti ba close busi time breach now busi ocr obtain copi ces ba agreement ba result ocr’ investig ce increas awar respons respect bas
## [289] cover entiti ce vision care florida llc discov septemb server infect ransomwar virus employe open email attach ce’ server contain patient demograph inform includ name date birth address individu ce provid breach notif hhs affect individu media ocr provid technic assist ce regard breach notif rule document train respons breach ce chang polici procedur regard inform secur includ secur train concern malici softwar ce remov comput server internet immedi upgrad busi firewal implement cloud base backup strengthen password addit ce retrain workforc dissemin secur remind ocr obtain assur ce implement correct action list
## [290] busi associ ba ambucor health solut cover entiti ce lebanon cardiolog associ report breach rogu employe ce ba report breach hhs bas employe now incarcer unrel matter download protect health inform phi onto two portabl comput drive ie thumb drive recov type phi involv vari patient may includ first last name phone number diagnos medic date birth race home address test data patient identif number medic devic inform ce’ patient addit thumb drive contain social secur number patient sever cover entiti phi also affect breach incid ocr review copi sign ba agreement ba ce ocr confirm breach notif letter mail affect individu june investig consolid exist review file ba ensur requir breach notif rule met ocr obtain assur ce implement correct action list
## [291] NA
## [292] NA
## [293] cover entiti ce briar hill manag discov employe lost laptop comput contain protect health inform phi violat ce’ polici laptop contain name address social secur number date birth date servic prescript inform servic provid pertain individu ce provid breach notif hhs affect individu media websit also notifi local polic respons breach ce sanction involv employe result ocr’ investig ce review secur risk implement sever new secur measur includ provid addit train employe instal softwar allow ce track remov data devic remot encrypt mobil devic ocr obtain assur ce implement correct action list
## [294] octob cover entiti ce lister healthcar corpor discov physician employe download protect health inform phi ce’ electron health record ehr system last day employ phi download employe includ phi patient never treat capac sought solicit type phi involv breach includ patient name address date birth gender social secur number telephon number email address employ status marit status race ethnic insur payer inform potenti affect individu ce provid breach notif hhs affect individu media respons breach ce contact ehr provid prevent employe download print otherwis transfer phi ehr system without first obtain express approv ce’ chief execut offic addit ce hire outsid counsel retrain workforc member regard hipaa oblig respect breach ce also review hipaa polici procedur strengthen appropri prevent anoth incid breach incid anoth breach phi occur futur ocr obtain assur ce implement correct action list
## [295] NA
## [296] NA
## [297] austin pulmonari consult cover entiti ce report paper contain protect health inform phi improp dispos clean crew incid result impermiss disclosur phi approxim individu type phi involv includ clinic demograph financi inform ce provid breach notif affect individu media hhs ce updat hipaa polici procedur retrain workforc member proper dispos phi new polici procedur also improv safeguard phi regard shred bin cancel use clean servic crew involv breach ocr obtain assur ce implement correct action note
## [298] hp enterpris servic llc busi associ ba indiana famili social servic administr report theft laptop bag employee’ vehicl bag contain encrypt laptop comput unsecur print report contain protect health inform phi individu phi includ demograph inform ba provid breach notif hhs affect individu media offer affect individu free credit monitor servic follow breach ba sanction employe respons breach accord sanction polici result ocr’ investig ba updat polici procedur prevent similar incid result ocr investig ocr provid technic assist regard breach notif requir ba revis breach notif templat
## [299] octob kaiser permanent upgrad websit kporg result incorrect configur set cach data websit upgrad affect sever cover entiti ces includ kaiser permanent health plan northern california result error user log websit may protect health inform phi view onlin save cach seen visitor webpag kaiser permanent alert incid took action repair error breach affect approxim individu particip ce type phi involv breach includ financi clinic demograph inform ce provid breach notif hhs affect individu media also provid substitut notic respons breach ce creat correct action plan help mitig chanc misconfigur error educ relev staff creat new process ensur sign off approv appropri point process test outcom go live engag subject matter expert ocr provid ce technic assist regard hipaa secur rule includ risk analysi risk manag
## [300] NA
## [301] octob kaiser permanent upgrad websit kporg result incorrect configur set cach data websit upgrad affect sever cover entiti ces includ kaiser foundat health plan northwest result error user log websit may protect health inform phi view onlin save cach seen visitor webpag kaiser permanent alert incid took action repair error breach affect approxim individu particip ce type phi involv breach includ clinic demograph inform ce provid individu substitut breach notif respons breach ce creat correct action plan help mitig chanc misconfigur error educ relev staff creat new process ensur sign off approv appropri point process test outcom go live engag subject matter expert ocr provid ce technic assist regard hipaa secur rule includ risk analysi risk manag
## [302] walmart store inc cover entiti ce report protect health inform phi individu disclos intern file merg process error result letter refund check sent wrong recipi type phi includ patient’ name store locat optic order number date order refund amount ce provid breach notif hhs affect individu provid substitut notic via print media addit ce provid evid implement improv administr safeguard qualiti assur protocol retrain staff prevent similar incid ocr obtain assur ce implement correct action list
## [303] cover entity’ ce employe email protect health inform phi claim commiss reconcili purpos ce ensur phi delet employee’ home comput smart phone employe resign compani attest phi delet devic ce provid breach notif hhs affect individu media substitut notic post ces websit octob will remain post januari prevent similar breach happen futur ce retrain medicar sale workforc took step ensur former employe can longer work sell ces product chang commiss statement reflect minimum necessari phi ocr obtain written assur ce implement correct action list
## [304] NA
## [305] electron data storag account belong busi associ ba rehab bill solut access person outsid organ may septemb third parti secur research softwar compani access download protect health inform phi cover entity’ ce patient account type phi potenti involv breach includ name medicar number date birth social secur number driver’ licens number prescript treatment locat treatment date progress note ce provid breach notif hhs affect individu media follow breach ba took step secur storag account launch investig ce work ba confirm secur research delet download inform ce offer one year free credit monitor ident restor servic affect individu ocr review ba agreement ce ba obtain assur ce ba implement correct action note
## [306] process transfer box cover entity’ patient record access record storag compani iron mountain total box paper medic record went missingth cover entiti ce florida hospit medic group discov august box patient record miss iron mountain storag facil addit octob ce discov anoth box report miss access record storag compani facil box includ patients’ clinic health inform financi claim inform address date birth driver’ licens number name social secur number approxim individu affect respons breach ce commenc investig coordin busi associ bas moreov ce evalu record transfer process implement process improv also ce improv purchas depart process vendor manag implement polici procedur train futur storag vendor furthermor ce provid leadership addit educ awar train regard hipaa privaci ocr obtain assur ce implement correct action list
## [307] juli phish email sent employe cover entiti ce baystat health inc five employe respond phish email allow hacker gain access email account potenti affect protect health inform phi individu type phi potenti expos may includ patients’ name demograph inform date birth diagnos treatment medic record number instanc health insur identif number ce provid breach notif hhs affect individu media follow breach ce retrain employe issu addit phish remind employe incorpor addit inform phish various train addit ce improv technic safeguard ocr review ces hipaa polici procedur relat breach complianc privaci secur rule obtain assur ce implement correct action list
## [308] septemb desktop comput contain schedul softwar stolen cover entiti ce finley center comput contain demograph financi inform approxim individu ce provid breach notif hhs affect individu respons breach well ocr’ investig breach incid ce implement new technic administr physic safeguard revis hipaa polici procedur
## [309] harrisonburg obstetr gynecolog associ pc cover entiti ce report august physician former presid ce print protect health inform phi approxim patient prior resign ce determin report show patient name account number phone number address date servic reason visit time ocr review ce litig return report ce disabl access report except employe busi need ce provid breach notif hhs media affect individu ocr obtain assur ce implement correct action list
## [310] cover entiti ce health famili care inc discov ransomwar virus access server open firewal port septemb ransomwar access data includ patient name address date birth social secur number clinic inform individu ce provid breach notif hhs affect individu media respons breach ce initi comprehens review privaci secur safeguard secur open port firewal review secur user account strengthen password instal addit secur softwar develop plan implement audit system encrypt mechan retrain staff finish indepth review updat privaci secur polici addit will conduct risk analysi annual basi move forward ocr obtain assur ce implement correct action list
## [311] august cover entiti ce four star drug bethani inc discov left box contain protect health inform phi outdoor unprotect area garbag truck eventu retriev box transport recycl plant breach affect phi approxim individu includ patients’ name date birth social secur number clinic demograph inform claim inform medic ce provid breach notif hhs affect individu media ce advis hhs may pharmaci depart sold consequ close time breach incid occur august follow breach ce updat hipaa polici procedur ensur remain record contain phi safeguard dispos proper ce longer generat record contain phi close ocr obtain document assur ce implement correct action list
## [312] februari ocr receiv notif integr transit hospit chief oper offic integr ceas healthcar busi activ effect septemb ocr verifi inform circumst integr longer cover entiti subject requir hipaa
## [313] septemb employe transmit email patient invit particip productspecif patient advisori council email contain patients’ complet email address “” field email messag recipi see recipient’ email address may also includ name approxim individu affect breach cover entiti ce baxter healthcar provid breach notif hhs affect individu media also file polic report prevent similar breach happen futur ce reeduc counsel employe involv matter hipaa polici procedur sanction employe accord sanction polici ce also provid train workforc polici procedur regard hipaa highlight risk involv email protect health inform ocr obtain written assur ce implement correct action note
## [314] NA
## [315] april busi associ ba notifi cover entiti northwest communiti healthcar left file transfer protocol ftp port open unsecur led exposur patient protect health inform phi internet approxim individu affect breach includ patients’ name address date birth social secur number ce suspend relationship ba requir destroy ces patient inform possess ce provid breach notif hhs affect individu ocr obtain document assur ce implement correct action list
## [316] rehab bill solut rbs busi associ ba handl bill medic record cover entiti ce genesi physic therapi inc third parti impermiss access protect health inform phi exploit vulner ba’ applic store scan document demograph andor financi inform individu potenti involv breach ce end ba agreement ba august access applic time breach ce provid breach notif hhs affect individu media pursuant breach notif rule respons ocr’ investig ce provid ocr copi ba agreement rbs contain satisfactori assur regard safeguard phi pursuant requir privaci secur rule
## [317] seattl indian health board cover entiti ce report august experienc cybersecur attack employe email account ce determin electron protect health inform ephi approxim individu may affect breach ephi affect breach includ patients’ clinic demograph financi inform result discov breach ce notifi affect parti media provid retrain respons workforc member provid addit train workforc member ce provid notif breach affect individu via us mail messag sent patient portal well post notic breach homepag websit ce took step prevent recurr breach implement companywid password chang structur password manag control measur includ day password “age” limit respons ocr’ investig ce perform updat risk analysi draft correspond risk manag plan updat relev polici procedur implement addit inform secur safeguard ocr provid addit technic assist ce concern period risk analys updat risk manag plan
## [318] NA
## [319] august intrud broke cover entiti ce baxter region medic center potenti breach protect health inform phi approxim individu intrud broke lock offic contain phi paperbas patient file although noth appear miss follow breach ce improv physic secur addit move noncurr patient record secur offsit storag facil train employe hipaa practic ce provid breach notif hhs affect individu media ocr’ investig ocr review notif hhs provid technic assist regard breach notif rule
## [320] due phish scam workforc member provid unauthor access work email account august cover entiti ce apria healthcar report approxim individu potenti affect protect health inform phi involv includ patients’ name social secur number date birth drivers’ licens number medic record number diagnos clinic inform ce provid breach notif affect individu hhs media ce also provid free credit monitor servic affect individu ce revis polici procedur provid train phish scam workforc member ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [321] francisco jaum cover entiti ce report breach patients’ protect health inform phi suffer ransomwar malwar attack start august type phi involv includ patients’ name address medic inform social secur number ce provid breach notif affect individu media hhs immedi discov breach ce work regain control data investig incid use forens analysi result incid ocr’ investig ce implement addit safeguard regular remot monitor month report intrus activ antivirus manag changedstrengthen system password revis backup process addit ce train staff revis hipaa polici procedur ocr obtain assur ce implement correct action
## [322] august hacker access cover entiti ce comput system subsequ launch ransomwar attack began encrypt data store ces comput server ce immedi shut comput system prevent loss patient inform prompt launch investig ce retain independ comput forens expert assist investig discov patient record irretriev delet ce provid breach notif hhs affect individu media ce receiv indic person data misus howev abund caution ce offer affect patient ident protect servic follow breach ce instal new antivirus protect softwar machin oper network also implement polici specifi staff will train follow topic identifyhandl potenti scamshoax protect softwar oper good secur practic web brows share file email attach risk instal unsupport softwar antivirus malwar protect softwar detect comput virus worm ocr obtain assur ce implement correct action note
## [323] NA
## [324] august cover entiti ce urgent care clinic oxford discov server hack unauthor third parti ce investig determin hacker gain access server administr account set ce’ technolog contractor type protect health inform phi involv breach includ patient name address date birth driver’ licens social secur number claim inform diagnos condit lab result medic affect approxim individu ce provid breach notif hhs affect individu media respons breach ce immedi shut server’ remot access contact law enforc hire forens investig instal new network sonic wall protect entir system ocr provid technic assist ce regard risk analysi risk manag consequ ce alter polici procedur includ full month test server new risk assess accord ocr’ secur risk assess tool moreov ce retrain workforc updat polici procedur ocr obtain assur ce implement correct action list
## [325] NA
## [326] septemb san juan oncolog associ cover entiti ce report discov “guardwareindia” virus server breach affect electron protect health inform ephi individu type ephi involv breach includ demograph financi clinic inform follow breach ce instal new comput server antivirus softwar complet post risk analysi revis breach notic polici includ element media notic requir ocr obtain document ce’ implement secur control will continu updat demonstr cultur secur complianc ocr also provid technic assist breach notif secur risk analysi requir
## [327] cover entiti ce thomasvill eye center discov one employe open credit account patient without author employe abl access patient name address date birth social secur number bill inform although ce know one patient impact employe access record individu employ may affect ce provid breach notif hhs individu may affect media websit follow breach ce retrain employe revis polici procedur limit employe access protect inform ocr obtain assur ce implement correct action list ce also termin employe involv notifi local law enforc fbi
## [328] ransomwar infect system oper cover entity’ ce busi associ ba marin medic practic concept inc third parti forens firm hire investig incid found evid patients’ person financi health inform access view transfer howev restor process one ba’ backup system fail caus loss protect health inform phi document ce’ physician period juli juli phi includ vital sign limit clinic histori document physic examin record communic patient physician visit ocr consolid review exist review ba involv case
## [329] medic practic concept inc busi associ ba provid cover entiti ce prima medic foundat busi health care system servic experienc ransomwar infect third parti forens firm hire investig incid found evid protect health inform access view transfer howev ba inform ce data restor process one backup system fail caus loss certain inform document ces physician period juli juli ocr consolid review case review ba
## [330] cover entiti ce busi associ ba erron mail coverag termin letter wrong memberspati paper document contain protect health inform phi approxim individu includ name address insur group name medic record number ce provid breach notif hhs affect individu media follow breach ce work ba take addit qualiti control step ocr obtain assur ceba implement correct action list
## [331] electron protect health inform ephi contain cover entity’ ce comput server compromis unauthor thirdparti juli august phi involv compromis server includ full name social secur number date birth home address drivers’ licens claim inform creditbank account number treatment note pertain individu ce provid breach notif hhs affect individu media also post substitut notic websit follow breach ce retain forens firm conduct new risk assess instal enhanc firewal system updat antivirus softwar implement safeguard relat access ocr obtain written assur ce implement correct action list
## [332] cover entiti ce dr hal meadow hm report breach occur electron patient bill file unlaw access desktop comput ce’ offic breach affect approxim individu ce’ patient electron protect health inform ephi involv includ full name address date birth telephon number social secur number claim inform diagnosiscondit lab result medic treatment code bill inform ce provid breach notif hhs affect individu media also provid substitut notic follow breach ce also immedi report incid fbi result incid ce updat polici procedur contract compani provid encrypt cloudbas bill system order safeguard ephi ocr obtain assur ce implement correct action
## [333] hacker place ransomwar cover entiti ce comput server server store protect health inform phi—address date birth driver’ licens data name social secur number claim inform credit card bank account inform medic diagnos lab result medic treatment information— approxim individu data server encrypt hacker place encrypt top ce’ encrypt prevent access ce hacker demand ransom ce paid payment ransom ce regain access data server ce hire third parti perform forens investig ce provid complet copi investig report ocr ce also provid ocr detail analysi risk assess determin probabl data compromis low abund caution ce expand data secur monitor updat secur manag polici provid addit train staff ocr obtain assur ce implement action list
## [334] NA
## [335] august notifi certain file inaccess cover entiti ce detect ransomwar encrypt file two comput server server store hospit oper manual well record contain electron protect health inform ephi potenti individu type ephi involv breach includ name demograph inform date birth treatment inform diagnos case social secur number ce provid breach notif hhs affect individu media ce quick identifi malwar shut impact server ce fulli restor data encrypt file back data without pay ransom ce implement addit technic measur improv malwar prevent detect ocr’ investig result ce improv safeguard ocr obtain assur ce implement correct action note
## [336] NA
## [337] employe took home paperwork contain protect health inform phi individu later recov acquaint employe return cover entiti ce ventura counti health care agenc ce provid breach notif hhs affect individu media ce also notifi california depart public health follow breach ce assign necessari employe retrain sanction respons employe sent memo necessari staff prohibit remov phi facil ocr obtain assur ce implement correct action list
## [338] cover entiti ce kid peac discov box document medic record depart miss believ custodian threw box left next wastepap basket trash breach includ protect health inform phi individu includ name date birth medic record patient account number servic date follow breach ce retrain staff restrict custodians’ access medic record depart addit ocr review ce’ risk analysi ensur complianc secur rule ocr obtain assur ce implement correct action list
## [339] juli chi franciscan health cover entiti ce learn employeephysician impermiss access st clare hospit st joseph medic center patient inform sinc juli tri expand physician’ client base approxim individu affect breach incid type electron protect health inform ephi involv includ clinic inform diagnos condit lab result medic treatment inform ce provid breach notif affect individu media hhs also post inform breach websit ce creat call center patient concern individu individu get uptod inform breach incid receiv assist need addit ce sanction respons physician accord hipaa sanction polici retrain workforc member hipaa includ session “accept use disclosur phi physicians” ocr obtain assur ce implement correct action describ
## [340] cover entiti ce heritag medic partner move new facil left medic record unsecur former facil novemb januari affect individu type protect health inform phi document includ patient name date birth address phone number social secur number gender age ethnic height weight facil name treat physician date test clinic inform ocr provid technic assist ce provid breach notif hhs affect individu media websit set ce ce process dissolv stop treat patient decemb ce report medic record store secur area individu providers’ current facil access limit author employe ocr provid technic assist regard proper retent destruct phi ocr obtain assur ce implement correct action list
## [341] king prussia dental associates’ network server hack breach affect electron protect health inform ephi individu includ name date birth social secur number address well clinic inform cover entiti ce provid breach notif hhs affect individu media follow breach ce strengthen technic safeguard includ firewal antivirus protect ocr review ces risk analysi ensur complianc secur rule ce provid ocr assur continu strengthen technic safeguard
## [342] august cover entiti ce pratap s kurra md discov breach practic accid threw paper bill ticket move ticket control less hour retriev breach affect approxim individu type protect health inform phi involv breach includ ce’ name patients’ name hospit name procedur type time anesthesia use difficulti case ce provid breach notif hhs media affect individu ce revis bill procedur mail bill ticket direct hospit ce’ bill compani discontinu take paper phi home ocr provid substanti technic assist ce obtain assur ce implement correct action note
## [343] workforc member provid unauthor individu workforc member’ credenti allow individu access new england health exchang network nehen via comput unauthor individu thus abl access protect health inform phi patient cover entiti ce codman squar health center type phi involv breach includ patients’ name address birthdat medic insur inform patient receiv medicaid social secur number ce provid breach notif affect individu media hhs ce also provid individu fraud resolut credit monitor servic cost follow discoveri breach ce sanction involv employe retrain employe result ocr’ investig ce revis breach notif polici implement relat procedur
## [344] us healthwork cover entiti ce experienc breach juli due theft ceissu laptop comput notebook contain laptop encrypt password employee’ automobil breach involv protect health inform phi individu includ patient name clinic inform visit date social secur number patient ce provid breach notif hhs affect individu media also provid substitut notif addit ce offer individu social secur number involv breach one year complimentari credit monitor ident theft protect servic follow breach ce sanction employe involv breach retrain employe inform secur ocr provid ce technic assist regard secur rule includ risk analysi risk manag
## [345] ocr investig cover entiti ce asant ce report breach individuals’ electron protect health inform ephi due workforc member’ inappropri access medic record coupl year also inform ocr similar incid cours investig involv workforc member breach affect patient name age locat hospit certain health inform patient status follow breach respons ocr’ investig ce sanction workforc member involv implement zero toler sanction polici patient inform misus ocr obtain document ce complet secur enhanc network modif addit ocr obtain assur ce plan take addit measur increas administr technic safeguard ephi case employe sanction includ termin employ
## [346] decemb ir notifi cover entiti ce martin armi communiti hospitalthat one employe involv ident theft activ review consolid anoth review ce
## [347] cover entiti ce public educ employees’ health insur plan discov result inform technolog upgrad document includ protect health inform phi relat multipl member inadvert becam viewabl member member onlin system mos phi involv breach includ members’ dependents’ name program identif number birth date retir date pertain individu document also contain social secur number ce provid breach notif hhs affect individu media ce provid credit monitor servic affect individu month cost respons breach ce investig work conjunct deloitt compani hire provid softwar profession servic new system revis newli implement softwar code termin access document involv incid ce deloitt abl appli emerg fix day incid discov addit ce revis intern protocol upload document ocr obtain assur ce implement correct action list
## [348] cover entiti ce man aliv inc lane treatment center report septemb remot access cyberattack hack ce’ comput system instal ransomwar employee’ comput gain unauthor access electron patient record system ce determin hacker access download summari patient profil list consist patients’ name birthdat social secur number drug dosag inform insur identif number street address phone number employ status demograph data ce immedi remov infect comput network data subject malici encrypt restor ce provid breach notif hhs affect individu media also post substitut notic websit also notifi fbi vendor partner follow breach ce disabl user remot access except vendor implement secur applianc perform virus scan gateway level block unwant protocol polici provid firewal ce also strengthen complex requir user password ocr obtain suffici assur ce implement correct action list
## [349] NA
## [350] cat scan log binder contain protect health inform phi went miss cover entiti ce decatur health system sometim juli juli breach affect individu type phi contain binder includ patients’ name date birth exam date diagnos order provid xray exposur level ce provid breach notif hhs affect individu media also report incid proper law enforc author respons breach ce enhanc physic safeguard everi depart addit ce implement new privaci secur practic retrain staff hipaa polici procedur ce also revis polici clarifi patient third parti can access phi includ associ fee educ staff polici ocr obtain document ce implement correct action note
## [351] juli august cover entiti ce geising health plan misdirect invoic incorrect recipi breach affect individu protect health inform phi involv breach includ clinic demograph inform ce provid breach notif hhs affect individu media offer credit monitor individu also offer chang health plan member number affect individu ocr obtain assur ce implement correct action list
## [352] unauthor thirdparti compris protect health inform phi found employee’ email account period three day compromis email account contain phi individu type phi involv breach includ full name home address date birth medic record number diagnos andor treatment inform social secur number two patient cover entiti ce medic colleg wisconsin provid breach notif hhs affect individu media also post substitut notic follow breach ce retain forens firm retrain employe compromis email account implement new safeguard ocr obtain written assur ce implement action list
## [353] juli unauthor individu access email account employe cover entiti ce burrel behavior health sent thirteen person email account believ employee’ exboyfriend email account impermiss access contain electron protect health inform ephi patient ephi includ name treatment social secur number financi inform ce provid breach notif hhs affect individu media post notic websit ce direct thirdparti forens inform technolog investig determin caus sever breach investig conclud one employee’ email account breach ce disabl email internet access global employe ce also sent educ document remind employe password secur best practic hipaa network secur ce also provid one year ident credit protect affect individu ocr obtain assur ce took voluntari correct action list
## [354] cover entiti ce santa cruz counti health servic agenc report breach unsecur phi breakin occur ce’ storag area ce initi report breach affect approxim individu howev intern investig conduct law enforc assist reveal later breach occur breakin affect paper record ocr provid technic assist ce ce implement addit physic safeguard updat hipaa polici procedur train staff privaci secur awar
## [355] busi associ ba inadvert left file contain cover entity’ ce patient inform access via internet midapril june ba assur ce chi franciscan health highlin medic center secur file june type ephi involv includ patient name date servic health insur inform social secur number affect approxim individu ocr review applic ba agreement place time breach follow breach ce discontinu ba relationship ba addit ba provid valid delet file comput system contain inform ce’ patient ocr obtain assur ce notifi affect individu submit notif media offer free credit monitor servic live affect individu creat call center patient concern individu individu get uptod inform breach receiv assist need
## [356] cover entiti ce willow bend dental report august process transport box old patient chart dispos lock trailer contain box patient chart stolen ces park lot chart contain approxim patients’ protect health inform phi includ diagnos lab result medic respons incid ce immedi alert author septemb recov record believ involv incid result breach ce retrain workforc member regard use disclosur phi revis record retent dispos polici ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action note
## [357] unauthor user remot access workstat comput cover entiti ce center neurosurg spine disord llc type protect health inform phi access unauthor user includ name address phone number social secur number medic chart inform bill inform individu upon discov breach ce notifi feder bureau investig notifi three major consum credit report agenc provid free credit monitor affect individu ce provid breach notif hhs affect individu media ce improv technic secur postur retrain staff ocr obtain assur ce implement correct action list
## [358] juli patterson dental suppli inc busi associ ba cover entiti ce southwest portland dental ce notifi ce april januari unauthor individu gain access comput network resourc site use entiti exchang electron protect health inform ephi breach affect ce’ patient type ephi involv includ patients’ name date birth social secur number respons breach ce implement new hipaa privaci secur polici procedur ce provid written notic breach affect individu promin media outlet hhs ocr obtain assur ce perform updat risk analysi
## [359] paper document stolen employe car offsit paper document contain protect health inform phi approxim individu type phi involv breach includ first last name date birth medic record number telephon number gender inform name treatment clinic appoint type date time appoint reason examin andor diagnosi follow breach cover entiti ce notifi local law enforc retrain staff ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [360] august cover entiti ce plan parenthood greater washington north idaho ppgwni report busi associ ba athenahealth inc inadvert sent email invit individu ces onlin portal wrong address email includ first last name individu upon discoveri breach ce ba shut portal determin root caus breach implement addit safeguard ce provid breach notif hhs affect individu media ba ce reestablish onlin portal reconfirm permiss process relat busi associ contractrelationship ocr obtain document assur ce ba implement correct action note
## [361] cover entiti ce summit medic group inc dba st elizabeth physician discov employe weight manag center wmc sent email juli notifi recipi upcom vitamin present inadvert fail blind copi recipi recipi abl see recipients’ email address email sent address undeliver belong ce’ employe ce calcul number individu affect august ce provid breach notif hhs affect individu media respons breach result ocr’ investig ce review adjust email procedur sanction wmc employe provid train leadership wmc workforc addit employe sent email start multisess individu train program ocr obtain assur ce implement correct action list
## [362] employe caloptima cover entiti ce impermiss copi data file contain protect health inform phi patient unauthor electron mobil storag devic univers serial bus usb last day employ ce ce discov breach data loss prevent system breach affect approxim individu type phi involv includ full name address date birth claim inform diagnosiscondit medic treatment inform medicaid beneficiari number social secur number ce provid breach notif affect individu media hhs also provid substitut notic follow breach ce immedi report incid local law enforc result incid ce updat polici procedur disabl usb devic write privileg employe made sure inform secur team will inform employe separ ce ce also implement new procedur requir employe justifi receiv approv manag submit request inform secur team receiv permiss write usb devic ocr obtain assur ce implement correct action list
## [363] person electron account access impermiss use sale databas contain protect health inform cover entiti ce prospect enrol member approxim individu affect electron phi ephi involv breach includ name address phone number date birth social secur number individu sale call note relat diagnoseshealth condit medic physician name ce provid breach notif hhs affect individu media follow breach ce implement procedur increas monitor databas enhanc technic secur procedur regard authent databas access ocr’ investig result ce enhanc practic safeguard ephi
## [364] cover entiti ce outer bank hospit lost two unencrypt portabl comput drive flash drive contain protect health inform phi approxim individu move type phi lost flash drive includ name address birthdat social secur number diagnosescondit treatment inform ce provid breach notif hhs affect individu media respons breach ce retrain workforc respect appropri portabl devic media storag addit ce initi deploy new technolog comput workstat detect prevent phi download portabl storag media devic ce also began use autoencrypt technolog rather reli user action encrypt data implement relat procedur ce draft new procedur physic practic acquisit includ thorough risk assess privaci secur compon ocr obtain assur ce implement correct action list
## [365] NA
## [366] NA
## [367] NA
## [368] NA
## [369] juli dr john e gonzalez’ car window broken briefcas stolen car briefcas contain extern hard drive electron protect health inform ephi approxim individu affect breach ephi extern hard drive contain social secur number phone number date birth physic email address health insur inform pictur patients’ teeth patient’ first last name list ce provid breach notif hhs affect individu media well substitut notic respons breach ce ad safeguard prevent unauthor access data extern hard drive purchas encrypt extern hard drive ocr provid ce technic assist regard breach notif secur rule risk analysi risk manag provis
## [370] NA
## [371] cover entiti ce valley anesthesiolog consult inc dba valley anesthesiolog pain consult acquir sheridan healthcorp inc becam subsidiari third parti may gain unauthor access ce’ comput system march affect individu type electron protect health inform ephi potenti access includ demograph clinic inform respons breach ce immedi disabl account unauthor access potenti gain forens firm investig breach report approxim nine addit foreign internet protocol ip address attempt use remot desktop protocol access various part ce’ comput system use account administr privileg ce “blacklisted” ip address investig continu order allow firewal block attempt access electron health record program remot desktop protocol forens firm also identifi fifteen suspici local account three administr account potenti compromis ce provid breach notif hhs affect individu media post substitut notic accord breach notif rule ocr provid technic assist regard ce’ oblig conduct comprehens current secur risk analysi implement correspond risk managementmitig plan address find ocr also provid ta regard ce’ oblig document evid implement secur awar train program includ train materi just email remind record complet workforc manag addit ocr state expect ce clarifi nonephi applic govern user access review procedur
## [372] rotech healthcar inc cover entiti “ce” discov medic record electron medic record system print remov offic recov secret servic breach affect patient state less individu affect given state record involv breach contain patient name social secur number patient number date birth date death address phone number name rotech subsidiari compani individu receiv healthcar servic ce sent time breach notif hhs affect individu post notif websit ce also offer two year free ident protect affect individu respons breach ce revis data monitor polici procedur revis physic safeguard offic locat highest risk factor futur breach sanction employe alleg involv breach ocr obtain assur ce implement correct action list
## [373] cardiolog associates’ employe mail patients’ protect health inform phi person email address without legitim busi purpos breach includ phi individu includ name date birth social secur number follow breach cover entiti ce sanction employe includ termin case notifi feder bureau investig ocr review ces risk assess ensur complianc secur rule
## [374] cover entity’ ce employe disclos protect health inform phi univers practicum student contact individu email ask like particip survey relat autism phi involv breach includ demograph inform approxim individu ce provid breach notif hhs affect individu follow breach ce sanction retrain involv employe confirm practicum student destroy phi receiv ocr obtain document ce implement correct action list
## [375] NA
## [376] NA
## [377] NA
## [378] employe erron email group patient support group copi patient abl see email address individu email sent type protect health inform phi involv incid includ email address inform may suggest individu patient cover entiti ce ce provid breach notif hhs affect individu media follow breach ce revis polici procedur attempt recal email retrain workforc member ocr obtain assur ce implement correct action note provid technic assist reason safeguard
## [379] NA
## [380] NA
## [381] NA
## [382] NA
## [383] june cover entiti ce athlete’ perform los angel llc discov facil carson california lost password protect laptop comput laptop unencrypt hard drive contain electron protect health inform ephi individu includ name contact inform payment data health inform insur inform ce provid breach notif hhs affect individu media respons breach cover entiti encrypt hard drive laptop issu workforc member implement email attach encrypt authent email data loss capabl well email trackingrevoc capabl ce institut backup ediscoveri capabl establish busi associ relationship servic contract third parti provid web base secur privaci awar train platform program ce also implement hipaa secur privaci polici procedur ce also provid ocr addit document includ hipaa notic privaci practic polici relev breach investig ocr obtain assur ce implement correct action list
## [384] NA
## [385] unauthor individu burglar one starcar specialti health system’ facil five laptop comput stolen paper file contain protect health inform phi show sign tamper type phi potenti affect includ name assess progress note discharg plan medic record number approxim individu result breach cover entiti ce improv safeguard provid affect individu free credit monitor ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [386] american famili care inc cover entiti ce discov softwar impermiss disclos electron protect health inform ephi patient receiv servic clinic breach occur august june affect individu phi involv breach includ name date birth address intern patient identif number gender bodi part xray ce provid breach notif hhs affect individu media post substitut notif websit respons breach ce work softwar vendor modifi softwar prevent user includ copi entir databas electron patient file futur ce also revis polici train staff new polici sanction employe failur time updat softwar licens ocr obtain assur ce implement correct action list
## [387] employe ftgu medic consult llc ftgu sent electron protect health inform ephi approxim individu unknown third parti ftgu busi associ ba care women pa cover entiti ce ephi includ clinic diagnost treatment inform well financi inform relat bill ba discov breach recipi ephi notifi ba intend recipi ba request recipi delet ephi file email comput receiv assur recipi compli request ce provid breach notif hhs affect individu media follow breach ce provid ba addit train addit ba took step increas implement technolog safeguard implement period evalu retrain employe ocr also verifi ce proper ba agreement place restrict ba’ use disclosur phi requir ba safeguard phi
## [388] ambucor health solut busi associ ba util multipl cover entiti ces provid remot monitor servic cardiac devic ba report march rogu employe download thousand file contain protect health inform phi onto portabl thumb drive indict feder crime includ feloni ident theft matter unrel ba ba immedi shut employe comput access conduct thorough investig former employe incarcer cooper feder law enforc author eventu thumb drive return ba comput forens firm data review team identifi total ces includ approxim individu patient affect breach type phi affect breach vari patient may includ patient first last name phone number diagnos medic date birth address test data result medic devic inform enrol date physician name well patient social secur number ba provid breach notif hhs custom ces well affect individu custom ask notifi ba offer ident protect servic affect individu cost provid call center respond question concern follow breach ba reran background check manag team addit perform comprehens enterprisewid risk assess reconfigur univers serial bus usb port comput workstat allow readon access enhanc relat polici procedur also provid addit hipaa train employe ocr obtain assur ba implement correct action list case bas sanction involv employe includ termin employ
## [389] ocr open investig cover entiti ce sunburi plaza dental report secur storag unit contain paper protect health inform phi burglar storag unit contain phi individu medic record contain locat includ name address date birth social secur number treatment inform ce provid breach notif hhs affect individu media also post substitut notic websit ce offer one year ident monitor affect individu follow breach ce revis record retent polici minim number paper record storag ocr obtain assur ce implement correct action note
## [390] cover entiti ce memori hermann health system report decemb may memori hermann health solut plan administr memori hermann health system employe group health plan impermiss disclos protect health inform phi plan member ce’ primari care physician pcp disclosur includ plan members’ name address date birth telephon number member identif plan member exist relationship pcp time disclosur therefor disclosur treatment purpos error occur implement new process effect communic leadership health plan ce met new leadership health plan ensur plan compli oblig control data flow ensur plan’ appropri use share data follow incid ce provid evid notifi affect individu media post substitut notif websit
## [391] dr brian haleviegoldman cover entiti ce report breach occur two laptop comput laptop bag contain superbil receipt disabl paperwork copi prescript list symptom identifi patient miscellan paper shred blank control noncontrol prescript pad smart phone stolen physician’ lock vehicl type protect health inform phi involv breach includ full name address intern medic record number credit card inform diagnosiscondit lab result medic clinic note file approxim individu ce provid breach notif affect individu media hhs also provid substitut notic follow breach ce immedi report theft local law enforc addit ce engag independ firm implement addit protect measur result breach ce purchas new offic equip secur softwar creat implement log equip travel offic encrypt electron devic store phi revis polici procedur safeguard phi ce also train workforc member revis polici ocr obtain assur ce implement correct action note
## [392] april repres midland memori hospit notifi cover entiti ce premier famili care inc ces patient document discov unsecur room former employee’ resid foreclosur proceed document contain protect health inform phi approxim individu includ patient name date birth social secur number address zip code diagnosescondit lab result medic treatment inform ce provid breach notif hhs affect individu media follow breach ce secur involv record updat hipaa polici retrain staff ocr obtain assur ce implement correct action list
## [393] NA
## [394] access health care physician llc cover entiti ce discov may intrud broke one physician’ lock offic pri open lock file cabinet patients’ financi record store affect demograph clinic inform approxim individu file cabinet contain record includ patients’ name date birth phone number home address diagnos code social secur number insur inform ce provid time breach notif hhs affect individu media respons breach ce immedi secur physician’ offic breach occur chang lock instal alarm system move record former patient secur offsit storag facil ce conduct survey affili physician offic ensur everi offic instal alarm system ocr obtain assur ce implement correct action list
## [395] juli cover entiti ce provid medic group – gateway clinic report privaci monitor program discov inappropri access medic record one financi coder audit reveal employe impermiss access medic record individu type protect health inform phi involv breach vari patient includ demograph medic treatment inform may includ imag driver licens insur data social secur number ce provid breach notif hhs affect individu media also offer individu two year credit monitor follow breach ce sanction employe disabl electron physic access system ce also retrain coder privaci polici review risk assess risk manag plan ocr obtain assur ce implement correct action list
## [396] malwar instal cyberintrud prognoci medic record system busi associ ba bizmat inc breach affect approxim individu patient cover entiti ce lee rice medic corpor dba lifewel institut type protect health inform phi involv includ full name address date birth phone number sex marit status social secur number claim inform diagnosescondit lab result medic ce provid breach notif hhs affect individu media also provid substitut notic respons breach ba notifi cooper fbi investig addit ba consult independ cybersecur firm assess extent breach implement addit protect measur prevent similar breach occur futur ocr obtain assur ce ba implement correct action note
## [397] around may cover entity’ ce offic manag notic comput server crash program run slowli ce found new patient record manag system creat hid administr account use weak predict user id password administr account use hack ce’ server protect health inform phi server includ patients’ full name address telephon number appoint activ clinic care note insur inform affect individu social secur number approxim individu affect breach ce provid breach notif hhs affect individu media offer credit monitor free charg one year follow breach ce remov unauthor account applic ce retain forens expert provid ocr copi forens report ocr obtain assur ce implement correct action list
## [398] cover entiti ce sunshin state health plan inc discov case manag email daili inpati census report incorrect email address email contain protect health inform phi individu includ member name address date birth plan elig inform hospit date medicaid medicar id number diagnos procedur ce provid breach notif hhs affect individu media also post substitut notic websit ce offer free credit monitor ident theft restor servic respons breach ce revis encrypt decrypt polici procedur requir employe encrypt email contain phi sensit data ce also revis confidenti releas phi polici mitig polici procedur ce sanction involv employe violat polici ocr obtain assur ce implement correct action list
## [399] employe cefalu eyetech green inc cefalu photograph comput screen contain protect health inform phi approxim individu includ name address email address code diagnosi condit follow breach cefalu investig breach provid breach notif hhs affect individu ocr determin report entiti longer cover entiti ocr obtain document support find cefalu longer cover entiti
## [400] NA
## [401] cover entiti ce lasair aesthet health pc report may former employe use mobil phone forward email contain electron protect health inform patient person email account email consist two list patient includ name balanc credit amount two email pictur includ name patient pictur one email document patient’ reaction medic servic former employe tender resign may ce chang password within minut receiv notic howev breach occur next day chang password updat mobil phone ce provid breach notif affect individu hhs media follow breach ce creat new privaci secur polici procedur includ new termin checklist retrain staff institut background check procedur staff switch email servic new provid increas secur control remov remot access capabl major staff ocr provid ce relev technic assist
## [402] health incent cover entiti ce discov june patient databas contain electron protect health inform ephi avail internet web search breach affect individu type ephi involv breach includ patient name date birth email address mail address ce provid time breach notif hhs affect individu media ce success contact affect individu receiv initi notif respons breach ce sanction respons breach creat new process upload file websit ocr obtain assur ce implement correct action note
## [403] virus malwar potenti instal inform system bizmat inc busi associ ba cover entiti arkansa spine pain ce approxim individu electron medic record compromis ba ce unabl determin whose record inform access ocr obtain copi ba agreement place ce ba review address separ review ba
## [404] june june staff member cover entiti ce heart center southern maryland llp copi patient profil inform ce’ system past onto comput staff member inappropri permit third parti access comput disclos protect health inform individu treat physician leav employ ce ce provid breach notif hhs affect individu media ocr obtain ce’ secur rule polici procedur confirm ce provid employe train ocr determin action commit rogu employe longer employ ce
## [405] NA
## [406] NA
## [407] employe busi associ ba navihealth provid servic cover entity’ ce patient use assum name nurs licens june may access protect health inform phi cours employ breach affect individu patient ces red facil total digniti health patient california nevada type phi involv breach includ full name address date birth social secur number claim inform diagnosescondit lab result medic ce provid breach notif hhs affect individu media also provid substitut notic ocr review ba agreement place ce ba obtain assur ce implement correct action list respons breach ba sanction respons employe termin employee’ access phi contact law enforc report incid ba also review record call made employe phi access employe ensur phi access provid patient servic accord job function addit ba improv administr safeguard revis workforc clearanc polici procedur
## [408] hacker caus breach protect health inform phi patterson dental suppli inc busi associ ba cover entiti ce massachusett general hospit breach affect phi approxim individu includ demograph clinic inform ce provid breach notif hhs affect individu media ocr’ investig reveal ce ba busi associ agreement place time breach ocr review ba agreement determin appear compli requir hipaa rule ocr open separ review ba concern under breach
## [409] june cover entiti ce dr linda white report extern hard drive devic contain backup dental practic comput server return proper destruct employe approxim individu affect breach type protect health inform phi stolen includ patients’ name date birth social secur number limit medic inform ce provid breach notif hhs affect individu media ce determin formal risk assess level risk low stolen hard drive requir specif softwar util employe gain access patients’ phi ocr obtain assur ce implement correct action list counti offici initi prosecut employe possess hard drive devic
## [410] cover entiti ce ceaton c falgiano sent group email client use blind carbon copi result client abl view ’s email address case individual’ first last name result impermiss disclosur protect health inform ce stop send group email ce provid breach notif hhs affect individu media result ocr’ investig ce expect develop polici procedur respect safeguard ephi transmit via email mail fax train staff new polici procedur
## [411] uncommon care pa cover entiti ce discov busi associ ba bizmat inc victim comput hack incid incid result potenti unauthor access ce’ electron medic record store bizmatics’ server breach affect individu includ patient address date birth name social secur number diagnos test result medic treatment inform ce sent time breach notif hhs affect individu media ce also post notif breach websit respons breach ce offer one year free credit monitor affect individu prior ocr investig ce determin ba agreement ba fulli execut enter effect ba agreement june ce decid continu servic contract ba obtain assur ba improv will made comput network server network monitor activ ocr obtain assur ce implement correct action list
## [412] april cover entiti ce midland women’ clinic learn patient document discov unsecur unauthor offsit locat document contain protect health inform phi approxim individu includ name date birth social secur number address zip code diagnosescondit lab result medic treatment inform follow breach ce secur patient record updat polici procedur provid addit hipaa train employe ocr review ce’ breach notif affect individu media provid technic assist regard breach notif requir
## [413] NA
## [414] april may iron mountain busi associ ba cover entiti ce texa health human servic commiss unabl locat sixteen carton record contain protect health inform phi type phi involv breach includ name address social secur number social secur claim number date birth medic record number medicaidindividu number case number bank account number individu ce provid breach notif hhs affect individu media follow incid ce ensur ba retrain workforc member privaci appropri storag track procedur addit ce initi chang procedur reconcil file inventori verifi file box destruct ocr obtain assur ce implement correct action note
## [415] cover entiti ce kern counti mental health discov page paper printout account receiv month septemb open file contain left vacat area facil april protect health inform phi involv breach includ patient name medic record number date servic numer servic code amount bill approxim individu affect breach ce initi provid substitut media breach notif notif hhs receiv technic assist ocr ce provid individu breach notif follow breach ce revis polici procedur move vacat offic space ensur thorough walkthrough area complet prior vacat area ce also retrain staff revis polici procedur ensur implement
## [416] unauthor user access cover entiti ce comput server sever time march march server contain patients’ name address date birth social secur number affect approxim individu ce laser dermatolog surgeri center provid breach notif hhs affect individu media follow breach ce implement firewal lockdown prevent extern access comput network decommiss breach electron system ce also complet addit network segment creat new domain network wipe rebuilt comput workstat move secur network ce also train staff secur awar polici procedur ocr obtain assur ce implement correct action note
## [417] employe author work home fail return paper record physician practic exhusband discov record return physician practic breach includ protect health inform phi individu phi involv breach includ demograph inform date birth social secur number medic record number clinic inform follow breach cover entiti reeduc employe ocr review ces risk analysi ensur complianc hipaa privaci secur rule
## [418] cover entiti ce file breach report verifi inform breach report later ce state file breach report prematur breach ce file breach report recant breach occur base conflict breach report file ce ocr decid initi investig determin ce’ complianc ce provid affidavit sign busi associ ba softwar use run practic phi store inform technolog person cortcompcortland comput state phi access compromis ocr obtain review copi ba agreement softwar vendor ce’ polici procedur relat safeguard phi risk analysi incid report
## [419] employe cover entiti ce saint mari elizabeth hospit sent email remind potenti particip hospital’ bariatr patient support group inadvert attach spreadsheet patients’ name associ bariatricrel surgeri spreadsheet contain name surgeri date address email phone number individu ce unsuccess tri recal messag ce’ intern investig determin involv employe fail util autoencrypt featur email contain protect health inform phi ce provid breach notif hhs affect individu media post substitut notic websit follow breach ce retrain employe email polici procedur best practic secur phi sent email ce sanction involv employe ceas use email send remind support group activ ocr obtain assur ce implement correct action list
## [420] april cover entiti ce pruitthealth hospic experienc breakin beaufort offic perpetr enter offic break side window broke file cabinet although appear medic record disturb taken perpetr opportun access paper medic record individu type protect health inform phi contain paper medic record includ patient name address social secur number date birth date servic servic locat clinic inform follow breach ce review polici train staff data privaci inform secur addit ce initi crimin investig local law enforc improv physic safeguard replac broken window purchas file cabinet secur lock purchas monitor secur system ce provid breach notif hhs patient ever serv media also provid substitut notic websit set toll free inform line affect individu ocr obtain assur ce implement correct action list
## [421] NA
## [422] ocr open investig cover entiti ce walmart store discov erron mail refund check busi associ ba hartehank direct marketingkansa citi llc breach result unauthor disclosur individuals’ protect health inform includ name store locat refund amount prescript order number order date ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action note
## [423] physician affili midland memori hospit cover entiti ce allow access individuals’ unsecur medic paper record physician’ foreclos home approxim one month bank properti manag staff prepar properti resal type protect health inform phi involv breach includ patients’ name address date birth social secur number diagnosescondit medic treatment inform ce provid breach notif affect individu media hhs follow breach ce implement new safeguard polici specif address remov phi facil retrain workforc member ocr obtain assur ce implement correct action note
## [424] grace primari care pc cover entiti ce discov busi associ ba bizmat suffer malici cyberattack comput server potenti expos name date birth address phone number email address social secur number health insur number diagnos treatment inform individu addit ce complet breach notif requir notif letter affect individu inadvert mail invalid address due spreadsheet error ce recov letter unopen conduct breach risk assess ce determin letter low probabl impermiss disclosur ocr provid technic assist ce concern element constitut phi ce provid time breach notif affect individu hhs media ocr determin ba agreement place time breach subsequ investig respons breach ce offer free ident protect servic affect individu initi process termin busi relationship ba electron health record provid ocr obtain assur ce implement correct action list
## [425] cover entiti ce vincent vein center report busi associ ba bizmat own data server contain ces patient inform access unauthor person approxim ces patient affect breach electron protect health inform ephi involv breach includ patient name address social secur number health visit inform ce provid breach notif affect individu hhs media follow breach ce began evalu use altern electron medic record practic manag softwar result ocr’ investig technic assist ce provid written assur will revis andor implement relev breach notif ba contract polici procedur complianc hipaa ocr open separ investig ba
## [426] NA
## [427] cover entiti ce univers new mexico inadvert mail invoic intend third parti payer random patients’ address due error ce’ bill system protect health inform phi includ patient name patient care servic categori clinic name pharmaci date servic individu upon discov breach ce manual review bill program put hold bill program creat error ce provid breach notif hhs affect individu media result breach ce improv technic administr safeguard retrain appropri staff updat procedur ocr obtain assur ce implement correct action list
## [428] hacker gain access protect health inform phi cover entity’ ce patient ce’ busi associ ba bizmat inc inform ce pediatrician pa incid ce provid breach notif hhs affect individu media ce also creat websit inform breach post substitut notif breach mitig harm ce sent notic breach equifax transunion experian provid affect individu instruct regist fraud alert credit report agenc instruct obtain free annual credit report ce also train staff hipaa awar retain outsid counsel provid train review polici ce ba agreement ba time breach enter agreement ba juli ocr obtain assur ce implement correct action list
## [429] one hacker attack data server bizmat busi associ ba cover entiti ce ent allergi center result unauthor access bizmatics’ custom record includ ce approxim patient’ electron medic record compromis type protect health inform involv breach includ demograph clinic inform ocr open investig ce determin ce compli hipaa privaci secur rule respect busi associ contract ocr review busi associ agreement ce ba determin appear consist requir privaci secur rule ocr initi separ investig bizmat
## [430] march cover entiti ce lead narcot inspector discov month narcot report miss april ces polic notifi facil privaci offic incid report incid va network secur oper center ce provid breach notif hhs media affect individu offer credit monitor ces polic secur servic review avail close circuit televis footag determin remov document locat ce transfer duti lead narcot inspector anoth employe ocr obtain assur ce implement correct action list
## [431] march vendor orchid mps hold llc welfar benefit plan cover entiti ce improp disclos protect health inform phi mail ir form c wrong recipi breach affect individu includ address zip code name social secur number ce provid breach notif hhs affect individu ce instruct employe return human resourc c form receiv error provid free credit monitor ident theft protect individu affect breach follow breach ce termin contract vendor caus breach enter busi associ agreement new vendor ce also implement addit procedur reduc incid error c report process includ person distribut form current employe ensur form contain minimum necessari inform ocr obtain document assur ce implement correct action list
## [432] NA
## [433] case consolid exist review
## [434] cover entiti ce integr health solut ih notifi hhs potenti breach unsecur electron protect health inform ephi busi associ ba bizmat specif ba experienc hack inform technolog incid may expos ces patient record ocr obtain copi sign ba agreement ce ba ocr obtain assur ce secur rule polici procedur place review consolid anoth review ba
## [435] former employe stole printout patient list creat januari hang lock medic record room use inform send letter sever patient breach includ protect health inform phi approxim individu includ demograph inform date birth insur inform provid name cover entiti ce keyston rural health consortia inc provid breach notif hhs affect individu media ocr review ce’ recent risk analysi ensur complianc privaci secur rule obtain assur ce strengthen physic safeguard prevent similar occurr futur
## [436] cover entiti ce report ocr disclos electron protect health inform ephi inadvert sent notif individu without blind copi recipi ephi involv breach includ patient first last name email address ce provid breach notif hhs affect individu media follow breach ce revis administr procedur email communic enhanc technic measur includ encrypt desktop comput retrain staff ocr’ investig result ce enhanc practic safeguard ephi
## [437] due vendor error cover entiti ce aflac erron sent correspond contain protect health inform phi wrong custom affect policyhold type phi includ name polici number type coverag employe number premium amount depend type correspond mail addit six policyholders’ social secur number potenti compris respons breach ce retrain employe revis impermiss disclosur safeguard polici addit ce sanction manag led address standard project termin contract third parti vendor contractor involv breach ce provid breach notif hhs affect individu media notic requir incid involv resid particular state ocr obtain assur ce implement correct action list
## [438] april cover entiti ce coordin health mutual inc dba inhealth mutual busi associ ba healthscop benefit receiv communic polici holder advis receiv incorrect ir form b mail research issu determin issu result faulti program logic data compil phase form b develop process order ohio depart insur may ce dissolv consequ longer ce exist subject investig
## [439] tallahasse memori healthcar inc cover entiti ce discov employe attempt upload protect health inform phi contain patient name insur number payor financi inform number account number unauthor websit breach affect individu ce sent time breach notif hhs affect individu provid free credit monitor affect individu respons breach ce sanction respons employe flag patient account intern bill system revis websit filter block addit web site updat employe train ocr obtain assur ce implement correct action list
## [440] five months’ worth hospit label contain protect health inform phi stolen car workforc member physician park offsit cover entiti ce phi locat lock briefcas within car type phi involv breach includ patients’ name birthdat age sex treatment facil ce provid breach notif hhs affect individu media follow breach ce file report local law enforc retrain workforc member involv result ocr’ investig ce provid assur conduct full risk assess review updat polici procedur
## [441] march cover entiti ce discov malfunct certain comput workstat ce hire forens expert conclud ces server left vulner access unauthor user novemb march type protect health inform phi server includ patients’ full name social secur number date birth home address treatment note approxim individu affect breach ce provid breach notif hhs affect individu media offer free ident protect year affect individu prevent similar breach happen futur ce instal new firewal monitor incom outgo traffic server also hire new vendor secur rule expert enhanc safeguard ocr obtain assur ce implement correct action list
## [442] unauthor user obtain remot access workstat locat cover entiti ce san juan counti new mexico protect health inform phi potenti affect includ name address health assess clinic inform approxim individu result breach ce improv safeguard updat polici procedur provid affect individu free credit monitor ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [443] surgic care affili cover entiti “ce” discov march laptop comput stolen employee’ hous laptop password protect howev employee’ usernam password laptop time theft patient inform store laptop outlook email potenti cach hard drive ce open intern investig determin individu may name address date birth social secur number treatment inform health insur inform expos result incid ce provid time breach notif hhs affect individu websit media respons breach ce retrain employe involv reinforc exist hipaa polici pertain safeguard electron devic password manag provid free credit monitor affect individu whose social secur number may expos ocr obtain assur ce implement correct action list
## [444] offic cover entiti ce associ eyecar psc broken two laptop comput extern hard drive stolen breach affect individu type protect health inform phi involv breach includ patients’ name intern account number optic imag technic inform imag date birth ce provid time breach notif hhs affect individu media ce also post notif breach websit respons breach ce chang exterior lock clinic door revis polici move laptop offic began save patient inform cloud equip new laptop encrypt physic secur ce revis secur polici ocr obtain assur ce will train employe updat polici
## [445] NA
## [446] march cover entiti ce imperi valley famili care medic group apc discov laptop comput stolen unknown individu broken physician’ offic stolen laptop contain protect health inform phi approxim individu includ members’ name address social secur number date birth clinic inform follow breach ce disabl access network server stolen laptop ce provid notif hhs affect individu media pursuant breach notif rule offer affect individu one year free credit monitor follow breach ce encrypt companyissu laptop ocr obtain assur ce improv physic safeguard revis encrypt polici strengthen password requir electron system devic contain electron phi
## [447] employe respons reconcil health insur bill data pulaski counti special school district—employe benefit divis cover entiti ce sent copi reconcili individu home email account resign email contain former current employees’ health insur record includ name social secur number disabl report employe payrol deduct employe benefit divis report ce provid breach notif hhs affect individu media also notifi local law enforc ocr provid technic assist regard ce’ oblig breach notif rule implement hipaa polici procedur respons breach ce inform ocr implement addit technic safeguard prevent measur
## [448] unauthor user obtain remot access comput network locat cover entiti ce medic colleagu texa type protect health inform phi involv breach includ name address social secur number driver’ licens number health insur inform medic treatment inform approxim individu result breach ce improv safeguard updat polici procedur ce provid breach notif hhs affect individu media provid free credit monitor affect individu ocr obtain assur ce implement correct action list
## [449] NA
## [450] NA
## [451] NA
## [452] malwar infect busi associ ba bizmat inc certain electron system contain protect health inform phi cover entiti ce lafayett pain care access breach affect individuals’ phi includ diagnosescondit lab result medic treatment inform ce provid breach notif hhs affect individu media also provid substitut notic websit establish call center tollfre phone number provid free credit monitor report servic one year ce execut new ba agreement bizmat provis regard use disclosur safeguard phi made notic privaci practic avail websit ocr obtain document assur ce implement correct action note
## [453] southeast eye institut pa cover entiti ce discov busi associ ba bizmat inc suffer breach hacker access server breach affect individu includ patient name address social secur number health visit inform ce time sent breach notif hhs affect individu media post notif main page websit ce ba agreement bizmat time breach follow breach ce decid termin relationship ba termin relationship ba ce receiv certif record destruct confirm ce’ patient record store ba destroy ocr obtain assur ce implement correct action list
## [454] NA
## [455] doc alreadi approv closur letter
## [456] march custom relationship manag crm export file mismatch member address caus communic sent incorrect member address file date februari mismatch data submit print vendor distribut new member packet identif “id” card addit cover entiti ce sent name medicaid id number protect health inform phi indiana member member ces sister plan state ohio approxim individu affect breach upon discov breach ce report breach incid indiana’ state regul ce provid breach notif hhs affect individu media prevent similar breach happen futur ce correct error export file manual repopul void bad address accur address addit ce implement new technic safeguard improv qualiti assur procedur print mail order confirm accuraci ce also train busi analyst respons breach matter train workforc polici procedur regard secur awar ocr obtain document assur ce implement correct action list
## [457] march breakin occur offic cover entiti ce pruitthealth perpetr broke glass front door broke file cabinet appear medic record taken perpetr opportun access paper medic record individu type protect health inform phi contain record includ patients’ name address social secur number date birth date servic locat servic clinic inform ce provid breach notif hhs affect individu media also provid substitut notic websit ce also set toll free telephon number answer question breach follow breach ce review polici retrain staff addit ce initi crimin investig local law enforc repair door use gain access build purchas file cabinet secur lock initi search secur offic locat
## [458] laptop comput contain electron protect health inform ephi individu stolen vehicl employe equal revenu cycl manag ercm ercm busi associ ba northstar healthcar acquisit llc cover entiti ce ephi includ insur treatment inform demograph inform upon discov breach ba inform law enforc ba notifi affect individu provid substitut notic via websit media notif ba offer one year free credit monitor servic affect individu follow breach ba adopt encrypt technolog revis polici procedur conduct updat risk analysi ba also sanction workforc member involv retrain employe ocr obtain assur ba implement correct action list ocr also verifi ce proper ba agreement place restrict ba’ use disclosur phi requir ba safeguard phi
## [459] NA
## [460] busi associ ba avatar solut email satisfact survey patient visit memori medic group provid affili cover entiti ce comanch counti hospit author incorrect email address survey contain patients’ providers’ name affect individu respons incid ba updat secur manag plan implement new technic safeguard appli polici chang mitig harm implement train prevent incid respons ocr’ investig ce provid evid provid breach notif media affect individu offer affect individu year free credit monitor ident theft protect
## [461] former busi associ ba cover entiti ce children’ medic center ascend health system misconfigur file transfer protocol site ftp may allow access internet transcript document number healthcar entiti includ ce breach discov decemb howev ce ceas busi ba june transcript may contain protect health inform includ children name date birth medic attend physician name ce provid breach notif hhs affect individu media ocr obtain copi notif letter ba agreement well assur ce implement correct action list
## [462] unauthor person sent fraudul email attach trigger download ransomwar virus email address held cover entity’ ce’ busi associ ba behalf protect health inform phi involv breach includ email address ce sent email notif affect individu day incid sent anoth email notif two day later ce provid breach notif hhs affect individu media also post substitut notic web site follow breach ce assess system control provid antiscan updat employees’ email delet email address maintain ba’ system put hold futur electron distribut newslett ocr obtain written assur ce implement correct action list
## [463] NA
## [464] februari employe cover entiti ce edwin shaw rehabilit mistaken left behind day planner contain unencrypt mobil comput drive univers serial bus “usb” drive businessrel function drive contain spreadsheet file includ name medic record number insur providers’ name limit clinic inform individu ce provid breach notif hhs affect individu media follow breach ce sanction involv employe conduct mandatori privaci secur train member leadership team implement monthlong secur awar campaign employe includ hipaa educ collect unencrypt usb drive ce also deploy new form employe request encrypt mobil comput drive ocr obtain written assur ce implement correct action note
## [465] march cover entiti ce kaiser foundat health plan discov truck belong busi associ ba postag one stolen pallet print evid coverag booklet inland empir health plan member miss miss booklet contain name address generic overview cover benefit individu ce behalf ba provid breach notif hhs affect individu media respons breach ce ba review revis polici procedur requir mail unload place secur area can monitor train workforc member mail secur ce also provid ocr addit document relev breach investig includ hipaa notic privaci practic polici ocr obtain assur ce ba implement voluntari action list
## [466] februari wyom medic center cover entiti ce discov hacker compromis two employees’ email account employe succumb hacker’ phish email breach allow hacker access individuals’ electron protect health inform ephi includ name medic record number account number date hospit servic date birth medic inform follow breach result ocr’ investig ce notifi affect individu media breach chang email password scan system confirm absenc malwar provid employe addit train specif design address phish awar ocr also provid ce technic assist regard oblig safeguard ephi either transmit electron communic network via email maintain rest email server
## [467] case consolid anoth review cover entiti
## [468] cover entiti ce lake pulmonari critic care pa discov former employe remov patient medic record offic took home theft protect health inform phi affect individu medic inform includ patients’ name address phone number date birth social secur number health insur inform medic diagnos lab result medic treatment inform ce provid time breach notif hhs affect individu media respons breach ce improv safeguard instal employe locker person item instal privaci wall nurses’ station addit ce arrang hipaa train employe doctor ocr obtain assur ce implement correct action list
## [469] NA
## [470] NA
## [471] NA
## [472] februari cover entiti ce atiqu orthodont report file web server compromis potenti unauthor access one comput file server contain name date birth address phone number credit card number insur inform social secur number approxim individu ce provid breach notif hhs affect individu offer ident theft protect servic follow breach ce disconnect comput network server reconfigur disabl remot desktop connect ce also implement access control upgrad firewal antivirus antimalwar protect softwar encrypt electron protect health inform ephi addit ce develop plan perform period system audit adopt polici procedur ensur ephi store laptop desktop mobil devic updat logoff polici unattend comput ce also inventori hardwar softwar store site updat workforc member train new polici procedur ocr obtain assur ce implement correct action list
## [473] cover entiti ce oneida tribe indian wisconsin report employee’ person flash drive contain electron protect health inform ephi approxim individu stolen dental offic ephi involv breach includ name patient identif number dental insur plan number date servic follow breach ce sanction retrain employe involv breach also ce notifi employe ban use extern electron data storag devic unless encrypt approv ce result ocr’ investig ce updat polici relat breach rule notif distribut updat polici workforc ocr obtain document assur implement correct action list
## [474] cover entiti ce florida depart health discov februari addit individu affect breach previous report affect individu breach occur employe legitim access phi stole demograph inform illeg purpos ce provid breach notif hhs addit identifi individu media well post substitut notic websit follow breach ce review revis polici relat access phi began mask social secur number ocr obtain assur ce implement correct action list
## [475] cover entiti ce american fidel assur compani erron mail letter custom contain page belong anoth custom due mailroom equip malfunct manual sort employe type protect health inform phi involv breach includ providers’ name treatment date customers’ name customers’ employers’ name customers’ employ identif number approxim individu affect incid ce provid breach notif hhs potenti affect individu media ce also offer credit monitor servic ce retrain staff safeguard phi verbal reprimand employe involv incid result incid ce decid outsourc mail sort process busi associ use fulli autom sort process provid posit assur audit capabl addit ce ad qualiti control measur mail process ocr obtain assur ce implement correct action list
## [476] unit communiti famili servic cover entiti ce mistaken sent email blast advertis dental servic current former patient email address visibl recipi email email encrypt recipi access approxim individu affect breach type protect health inform phi involv breach includ name part email address impli suggest individu receiv dental servic ce ce provid breach notif hhs affect individu media result ocr’ investig ce implement plan review revis polici ensur adequ safeguard electron phi addit cover entiti retrain staff hipaa polici issu period hipaa remind staff
## [477] NA
## [478] februari american colleg cardiolog foundat busi associ ba notifi cover entiti ce sacr heart health system inc protect health inform phi inadvert transfer test environ made access four vendor work softwar develop ba ce conduct intern investig determin name date birth social secur number intern patient identif number individu expos result incid ce immedi termin access databas contain phi obtain assur vendor softwar develop phi retain made access unauthor individu respons breach ce review polici procedur retrain staff ba revis polici procedur transfer data ad addit safeguard control ensur secur phi addit ce provid breach notif hhs affect individu media post notic websit ocr obtain assur ce ba implement correct action list
## [479] januari busi associ ba bizmat discov one comput server compromis unknown individu individu hacker breach affect approxim cover entiti ce patient ce cooper ocr accept technic assist provid close busi februari base forego ocr decid investig
## [480] pim tn cover entiti pain treatment center america ocr open investig cover entiti ce pain treatment center america report hack attack busi associate’ ba bizmat data server breach result unauthor access bas custom record includ ce breach encompass individuals’ inform includ individuals’ name address date birth driver licens number social secur number claim inform diagnosescondit lab result medic treatment inform ce provid breach notif hhs affect individu media also provid ident theft credit monitor servic affect individu result ocr’ investig ce updat ba agreement ba reflect requir cfr §§
## [481] NA
## [482] indian health servic northern navajo medic center cover entiti ce report employe took protect health inform phi store public storag unit without author breach affect individu type phi involv breach includ patients’ name health record number social secur number date birth health insur polici number ce provid breach notif hhs affect individu media also notifi law enforc ocr obtain document assur ce implement improv administr technic safeguard revis hipaa polici procedur retrain staff
## [483] rma medic center florida cover entiti ce discov februari password protect compani laptop comput stolen employee’ hotel room laptop encrypt contain individuals’ protect health inform phi includ patients’ name date birth health plan identif number diagnos primari care physicians’ name ce provid breach notif hhs affect individu media post substitut notic websit also offer complimentari oneyear ident theft protect affect individu follow breach ce encrypt laptop contain phi revis certain hipaa polici improv safeguard ce educ retrain employe polici final ce sanction employe respons breach ocr obtain assur ce implement correct action list
## [484] vendor incorrect chang printer press set mainten result error print explan benefit eob letter cover entiti ce pacif gas electr compani health benefit plan ces selffund health plan administ busi associ ba kaiser permanent insur compani error impact letter individu protect health inform phi involv breach includ name address annual deduct annual pocket maximum dollar spent “year date” toward deduct pocket maximum ba provid breach notif hhs affect individu media follow breach subcontractor ba respons print eob’ updat procedur includ addit oversight workforc member addit print test printer updat mainten ocr’ investig result subcontractor ba improv safeguard print phi
## [485] mainten printer press technician incorrect chang printer set result error print explan benefit eob letter sent subcontractor behalf busi associ ba kaiser permanent insur compani error impact letter individu protect health inform phi involv breach includ name address annual deduct annual pocket maximum dollar spent “year date” toward deduct pocket maximum ba provid breach notif hhs affect individu media follow breach subcontractor ba updat procedur includ addit oversight addit print test printer updat mainten ocr’ investig result subcontractor ba improv safeguard print phi cover entiti health plan
## [486] subsubcontractor busi associ ba kaiser permanent insur compani incorrect chang set printer press mainten result error print explan benefit eob letter error impact letter individu protect health inform phi involv breach includ name address annual deduct annual pocket maximum dollar spent “yeartodate” toward deduct outofpocket maximum ba provid breach notif hhs affect individu media follow breach subcontractor ba respons print eob’ updat procedur includ addit oversight workforc member addit print test printer updat mainten ocr review applic ba agreement investig result ba improv safeguard print phi ces health plan
## [487] cover entiti ce einstein healthcar network report april march websit einsteinedu contain webpag form visitor “request appointment” allow protect health inform phi left access via internet includ demograph clinic inform ce staff use data schedul request appoint patient ce learn possibl caus websit display phi submit unexpect string charact univers resourc locat url googl access special craft url’ order attempt add web page list page can search googl ce review inform provid form determin demonstr low probabl compromis patient ce provid breach notif remain patient hhs media follow breach ce work googl inform remov index subsequ ce conduct system wide risk assess penetr test specif assess secur vulner websit chang vendor use websit creation host built test new einsteinedu websit ocr obtain assur ce implement correct action list
## [488] cover entiti ce point medic servic inc discov februari former nurs practition solicit patient new practic inform download ce octob termin decemb inform report includ patient name date birth phone number reason appoint appoint status ie show cancel etc servic site diagnos condit health insur inform includ insur provid plan type breach affect patient ce provid breach notif hhs affect individu websit various media outlet across georgia florida respons breach ce retrain workforc disabl abil download inform remov electron storag devic increas frequenc electron health record activ audit ocr obtain assur ce implement correct action list
## [489] NA
## [490] NA
## [491] march cover entiti ce morton medic center report virus encrypt mani merg document held ransom prevent ce print document requir merg data intern investig reveal ransomwar introduc system “addon” internet pay ransom hacker releas ces entir electron protect health inform ephi breach affect ephi approxim individu howev indic ephi actual upload access hacker access ephi contain name address demograph inform possibl diagnost inform follow breach ce conduct enterprisewid analysi various risk ephi develop risk manag plan ce overhaul entir inform technolog system focus strengthen physic administr technic safeguard ce also retrain workforc member implement new polici prohibit internet access busi reason ocr provid technic assist regard requir breach notif rule
## [492] NA
## [493] NA
## [494] NA
## [495] due misalign spreadsheet februari execut servic busi associ ba cover entiti ce bozeman health deaco hospit erron sent letter patient contain anoth patient’ name type protect health inform phi involv breach includ name ce provid breach notif hhs affect individu media follow breach ce implement new process send mass mail requir respons employe well manag supervisor attend hipaa refresh train requir respons employe take class specif spreadsheet softwar ocr obtain assur ce implement correct action note
## [496] decemb cover entiti ce val verd region medic center determin member medic staff impermiss use protect health inform phi sent unsecur email contain phi two unapprov person email address email phi includ patient name gender medic record number date birth modal studi date age telephon number andor account number affect individu ce provid breach notif hhs affect individu media follow breach ce revis polici procedur retrain staff ce conduct new risk analysi took action mitig identifi risk investig ocr provid technic assist regard multipl standard hipaa rule
## [497] NA
## [498] hospit special surgeri cover entiti ”ce” report employe fail safeguard phi send email without use bcc design email reveal phi patient particip research studi particip electron protect health inform ephi includ individuals’ email address general inform regard research studi ce provid notic ocr affect individu follow breach respons employe retrain provid oneonon inperson hipaa privaci inform secur train ce also increas inperson hipaa train least three time year result ocr’ investig technic assist ce expect take correct action base ocr’ guidanc ce expect revis email polici incorpor addit safeguard measur specif tailor use email retrain staff revis polici
## [499] NA
## [500] februari cover entiti ce labor fund administr offic northern california inc discov tax sent client beneficiari inadvert contain protect health inform phi unrel individu breach affect approxim individu includ name social secur number elig inform ce provid breach notif hhs affect individu media respons breach ce implement new technic safeguard creat transmit type data conduct newupd secur analysi revis hipaa polici procedur train workforc ce also provid ocr addit document includ hipaa notic privaci practic polici relev breach investig ocr obtain assur ce implement correct action list
## [501] unauthor individu hack workforc member’ email account access electron protect health inform ephi patient type ephi involv breach includ name address phone number date birth social secur number insur identif number insur inform account balanc inform cover entiti ce jasacar provid breach notif hhs affect individu media post substitut notic websit ce also provid one year free credit monitor servic affect individu follow breach ce shut workforc member’ email account reset login inform result ocr’ investig technic assist ce develop new polici regard email ephi distribut workforc member ce expect perform thorough accur risk analysi establish risk manag plan also expect implement mechan record examin activ inform system contain use ephi addit ce expect implement technic secur measur guard unauthor access ephi implement procedur ident verif access ephi provid train staff newli implement polici procedur
## [502] march password protect laptop comput backup comput drive stolen cover entiti ce vibrant bodi well result breakin laptop comput contain protect health inform phi individu includ patients’ address date birth name clinic diagnosescondit financi claim inform ce provid breach notif hhs affect individu media also notifi law enforc phi stolen extern hard drive encrypt follow breach ce train staff regard polici procedur safeguard electron phi ocr obtain assur ce implement correct action list
## [503] virtua medic group cover entiti ce report breach transcript vendor busi associ unintent misconfigur server lead exposur transcript document via internet search engin ce estim transcript document may includ electron protect health inform ephi patients’ name birthdat treatment inform offic visit ce provid breach notif hhs media affect individu post notic websit result ocr’ investig ce contact law enforc contact transcript vendor facilit remov entir site issu googl cach ce receiv assur googl remov individu patient record access via search internet search engin involv ce also termin relationship transcript vendor addit ce expect take addit correct action connect consent judgment enter ce attorney general state new jersey new jersey divis consum affair
## [504] cover entiti ce karmano cancer center lost unencrypt flash drive contain protect health inform phi approxim individu ce provid breach notif hhs affect individu media offer month credit monitor affect individu follow breach ce retrain staff publish articl newslett encrypt audit busi associ agreement ocr obtain document assur ce implement correct action list
## [505] NA
## [506] vidant health cover entiti ce discov file numer bankruptci document decemb march list protect health inform phi necessari file breach affect individu includ patient bill account number social secur number medic record number date birth telephon number sex marit status name servic date account balanc ce sent time breach notif hhs affect individu media post substitut notif websit ce provid ident theft protect affect individu one year respons breach ce revis redact bankruptci file file blank protect order seal proof claim public record also retrain applic staff ocr obtain assur ce implement correct action list
## [507] cromwel fire district cover entiti ce file breach report state door storag room contain ambul run report left prop open approxim two hour ocr investig reveal ce polici procedur place time incid conduct breach risk assess conduct breach risk assess prior file breach report ocr ocr provid technic assist ce regard conduct breach risk assess breach notif requir provis privaci rule result ocr’ investig ce conduct breach risk assess determin low probabl protect health inform compromis base follow factor build receiv visitor known receiv visitor time period ambul run report appear undisturb situat mitig door close lock soon discov thereaft ce determin breach occur addit result ocr’ investig ce revis adopt addit polici procedur implement new templat busi associ agreement
## [508] bizmat inc busi associ ba provid onlin storag manag patient health record cover entiti ce illinoi valley podiatri group discov unauthor access server ces patient file store breach affect individu electron protect health inform ephi type ephi involv breach includ diagnos condit medic treatment inform ce provid breach notif hhs media post substitut notic websit ba provid breach notif affect individu direct ce result ocr’ investig ce execut new ba agreement bizmat provis regard use disclosur safeguard protect health inform phi ocr obtain document assur ba ce implement correct action note
## [509] bizmat inc busi associ ba cover entiti ce complet famili foot care employ onlin storag manag patient health record discov unauthor access comput server ces’ patient file store breach affect individu includ clinic inform upon request ce ba provid breach notif affect individu complimentari ident recoveri servic individu victim ident theft ce also provid breach notif hhs media post substitut notic websit follow breach ba comprehens scan malwar extern vulner upgrad antivirus antimalwar program well system hardwar oper system updat server account password revis firewal configur ba also implement stricter password polici initi instal activ trafficmonitor solut network ocr obtain written assur ce ba implement correct action list
## [510] januari cover entiti ce walgreen pharmaci report theft took place one store locat broadway new york breach involv prescript number first last name date birth address medic insur inform approxim individu ce provid breach notif hhs affect individu media follow breach ce retrain pharmaci staff sanction employe whose action led breach ocr obtain document assur ce implement correct action list
## [511] januari cover entiti ce premier healthcar llc discov unencrypt laptop comput stolen administr offic bloomington indiana breach affect individu includ address zip code date birth name social secur number claim inform credit card bank account inform medic inform march miss laptop return ce mail anonym ce consult forens firm extric hard drive conduct analysi determin laptop turn one access content time miss ce provid breach notif hhs affect individu media also post substitut notic websit ce also establish tollfre telephon number individu call obtain addit inform breach follow breach ce encrypt comput improv physic safeguard implement new secur procedur ocr obtain document ce substanti implement correct action list indiana univers health southern indiana physician inc iuh acquir ce effect may part transact iuh acquir asset ce ce ceas oper except final activ wind affair
## [512] februari cover entiti ce cardiolog associ jonesboro inc discov busi associ ba document output center llc accident mail appoint remind incorrect patient due softwar error letter disclos name appoint time case appoint type approxim patient respons incid ce work ba implement process check merg file mail make sure correct ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [513] failur protect health record million person cost entiti million dollar st centuri oncolog inc co agre pay million lieu potenti civil money penalti us depart health human servic hhs offic civil right ocr adopt comprehens correct action plan settl potenti violat health insur portabl account act hipaa privaci secur rule co provid cancer care servic radiat oncolog headquart locat fort myer florida co oper manag treatment center includ center locat state center locat seven countri latin america two separ occas feder bureau investig fbi notifi co patient inform illeg obtain unauthor third parti produc co patient file purchas fbi inform part intern investig co determin attack may access co’ network sql databas earli octob remot desktop protocol exchang server within co’ network co determin individu affect impermiss access name social secur number physicians’ name diagnos treatment insur inform ocr’ subsequ investig reveal co fail conduct accur thorough assess potenti risk vulner confidenti integr avail electron protect health inform ephi fail implement secur measur suffici reduc risk vulner reason appropri level fail implement procedur regular review record inform system activ audit log access report secur incid track report disclos protect health inform phi third parti vendor without written busi associ agreement “peopl need trust privat health inform will remain exact private” said ocr director roger severino “’s just hope cover entiti will learn exampl proactiv find address secur risk ’s law requires” addit million monetari settlement correct action plan requir co complet risk analysi risk manag plan revis polici procedur educ workforc polici procedur provid maintain busi associ agreement ocr submit intern monitor plan may co file chapter bankruptci protect unit state bankruptci court southern district new york settlement ocr will resolv ocr’ claim co correct action plan will ensur reorgan entiti emerg bankruptci strong hipaa complianc program place settlement ocr approv bankruptci court decemb resolut agreement correct action plan may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementscoindexhtml
## [514] cover entiti ce citi hope receiv phish email januari caus unauthor access sever employe email account protect health inform phi involv breach includ patient name medic record number date birth address email address telephon number clinic inform test result date servic one patient social secur number financi inform approxim individu affect breach ce provid breach notif hhs affect individu media also post substitut notic follow breach ce block access form embed link contain phish email block sender phish email send addit email updat spam filter remov email inbox user receiv sent email staff advis issu addit ce began updat antiphish defens upgrad firewal ocr provid ce technic assist regard secur rule includ risk analysi risk manag
## [515] NA
## [516] NA
## [517] NA
## [518] januari foreign transcript servic subcontractor mind spring health’ former busi associ ba stratton consult servic inc mistaken publish electron protect health inform ephi internet softwar updat type ephi involv breach includ name date birth medic physicians’ note affect individu receiv treatment cover entiti ce januari march follow breach subcontractor remov inform internet ce provid breach notif hhs affect individu media subsequ breach ce establish ba agreement contractor ocr provid technic assist regard relev issu pursuant privaci secur rule
## [519] review respons entiti ocr determin breach protect health inform occur
## [520] cover entiti ce freeport memori hospit report theft comput hard drive privat offic employe devic later locat secur nonpubl area hospit ce provid breach notif hhs media affect individu includ offer free credit monitor affect individu ce also file polic report regard incid number individu affect breach protect health inform includ patients’ diagnosiscondit medic treatment inform phi follow incid ce requir user affect comput chang individu password review safeguard conduct audit determin phi access ce also implement alert system record individu affect breach implement addit safeguard record respons breach ce also expand encrypt program includ electron devic ocr obtain verif ce complet review encrypt process inform secur system polici undertaken b
## [521] NA
## [522] cover entiti ce nintendo america inc report may attack impermiss access acquir data possess busi associ ba premera data includ protect health inform phi former current particip health plan certain member blue cross blue shield associ date back ba member blue cross blue shield associ thirdparti administr health plan result former current plan particip impact ce report individu affect phi involv breach includ demograph clinic financi inform ba provid breach notif hhs affect individu media ce ba agreement place premera ocr determin nintendo complianc privaci secur breach notif rule
## [523] decemb valley hope associ employe workissu laptop comput stolen vehicl incid affect approxim individu protect health inform phi store laptop includ name address date birth phone number social secur number medic record number treatment type locat well health insur financi medic inform employe immedi report incid local polic cover entiti ce ce conduct forens analysi conclud system access follow theft follow breach ce termin computer’ access comput network reset user’ password verifi laptop open connect electron system ce encrypt devic contain phi implement use softwar mask social secur number ce also develop inform secur privaci committe updat polici procedur manual train staff updat polici procedur relat password use develop automat time out electron devic malici malwar network access right ce provid breach notif hhs affect individu media post substitut notic home page websit ocr obtain assur ce implement correct action list
## [524] cover entiti ce vancouv radiologist pc januari receiv telephon call patient receiv postcard mammogram remind anoth patient’ name ce mail postcard contain name address generic remind schedul mammogram ce submit breach notif report hhs affect individu media respons breach ce stop mail postcard remind revis mail procedur ce provid ocr addit document specif hipaa notic privaci practic polici relev breach investig ocr obtain assur ce implement correct action list ce also provid refresh remind staff member hipaa privaci polici procedur
## [525] februari cover entiti ce locust fork pharmaci discov lock one storag unit broken storag unit contain box record approxim individu protect health inform phi record includ name address birth date ce determin box stack sequenc none miss remain seal ce work local polic investig incid updat polici procedur relat breach respons breach mitig physic secur storag unit ce provid breach notif hhs post media notic geograph area two week march ocr obtain assur ce implement correct action list
## [526] NA
## [527] NA
## [528] cover entiti ce roark’ pharmaci discov januari facil broken comput hard drive contain protect health inform phi individu stolen type phi hard drive includ patient name date birth address diagnos condit medic health insur inform social secur number use id number certain insur carrier ce provid breach notif hhs affect individu ocr provid technic assist ce regard breach notif rule impermiss disclosur addit ocr provid resourc materi regard small busi privaci secur rule respons breach ce increas physic secur instal metal gate front door improv secur alarm system physic hide secur sensit equip ocr obtain assur ce implement correct action list
## [529] NA
## [530] decemb cover entiti ce allianc health network llc discov test databas contain protect health inform phi access public via internet breach affect approxim individu unsecur phi includ name address telephon number email address medic clinic inform ce provid breach notif affect individu media hhs ce also mitig effect breach immedi secur databas implement monitor test databas perform week vulner scan system updat polici ensur product data use test databas resolv breach ocr provid ce technic assist regard necessari chang polici procedur well risk manag process
## [531] decemb box contain patients’ record fell busi associate’ ba truck onto street transport inciner type phi record includ patients’ name address date birth social secur number claim inform credit cardbank inform diagnosi code lab result treatment inform ce provid breach notif hhs affect individu media also post substitut notic websit also activ call center januari th provid inform breach day provid ident protect one year affect individu respons incid ce open intern investig interview relev staff busi associ ce end busi relationship ba lee counti solid wast divis improv safeguard chang process records’ destruct ocr obtain assur ce implement correct action list
## [532] employe busi associ ba datastat erron misdirect survey individu fail follow ba’ reprint protocol printer paper jam type protect health inform phi involv breach includ demograph inform includ name address ce provid breach notif hhs affect individu ba also improv technic safeguard assist qualiti assess check sanction involv employe written warn ocr obtain document ba implement correct action step list
## [533] busi associ ba bluecrossblueshield cover entiti ce south carolina public employe benefit author incorrect mail preauthor dental letter ce’ member due comput error mail sort process name envelop match correct address breach affect individu includ financi demograph clinic inform ba provid breach notif hhs affect individu media follow breach ba revis procedur ensur data integr accuraci enhanc procedur includ qualiti control valid step ba train system support staff confirm requir employe contractor consult employ retain longer day receiv hipaa train ocr obtain assur ba implement correct action list
## [534] workforc member impermiss email protect health inform phi individu unauthor person email account belong anoth state employe relat workforc member type phi involv breach includ address date birth name identifi social secur number diagnos treatment inform ce provid breach notif hhs affect individu media follow breach cover entiti ce washington state health care author updat relev polici procedur implement addit secur measur retrain employe ce updat access manag program hire new staff focus sole manag access electron system also sanction employe involv breach ocr obtain written assur ce implement correct action list
## [535] busi associ ba seim johnson llp report behalf health care provid client health care auditor took firmissu laptop comput nonbusi weekend trip employe arriv home trip discov backpack contain laptop miss laptop contain protect health inform phi individu includ demograph clinic financi inform ba provid breach notif hhs affect individu media investig incid ba determin laptop may effect encrypt follow breach ba sanction involv employe secur offic retrain employe secur risk involv portabl devic implement new polici procedur ocr obtain assur ba implement correct action list
## [536] april cover entiti ce borgess medic centerborgess rheumatolog impermiss disclos protect health inform phi due erron use “mail merge” mix patients’ name address phi involv breach includ patients’ name medic associ borgess rheumatolog patient ce provid breach notif hhs affect individu media follow breach ce implement new process includ verif data file use mail merg includ privaci offic review also train workforc member ad inform qualiti check spreadsheet involv patient inform ocr obtain document assur ce implement correct action note
## [537] novemb novemb employe cover entiti ce rite aid pharmaci store obtain customers’ credit card inform along person identifi use commit credit card fraud incid affect individu electron protect health inform ephi involv includ patients’ name address date birth credit card inform result breach ce conduct intern investig sanction employe respons incid revis polici regard handl payment card ce provid breach notif hhs affect individu media provid one year free credit monitor servic ocr provid ce technic assist regard requir hipaa secur rule respect risk analys develop risk manag plan implement procedur review record inform system activ grant access ephi deploy audit control case employe sanction includ termin employ
## [538] extern hard drive contain clinic demograph inform approxim individu inadvert fell garag can around novemb cover entiti ce grx hold llc dba medicap pharmaci provid breach notif hhs affect individu media respons breach ce adher extern hard drive wall initi chang elimin use extern hard drive data backup also sanction retrain involv employe ocr obtain document ce implement correct action step
## [539] louisiana healthcar connect cover entiti ce report former workforc member download electron protect health inform ephi individu type ephi includ full name medicaid identif number effect date date birth phone number address inform ce provid breach notif hhs affect individu media also notifi law enforc addit ce implement improv administr technic safeguard disabl involv workforc member account access revis polici procedur retrain staff ocr obtain document assur ce implement correct action list
## [540] patients’ empti paper file folder protect health inform phi appear front cover improp dispos employe put regular trash phi cover includ patient date birth medic record number guarantor name approxim individu affect breach cover entiti ce provid breach notif hhs affect individu media notif letter inform individu hotlin establish address question provid hotlin phone number prevent similar breach happen futur ce sanction involv employe counsel remain staff regard matter ocr obtain assur ce implement correct action list
## [541] communiti merci health partner cover entiti ce report law enforc offici found paper record belong ce dumpster breach affect individu inform consist record relat lab studi perform ce includ demograph clinic inform patient name address date birth driver’ licens inform social secur number diagnosi condit inform lab result medic treatment inform ce respond breach conduct investig determin caus breach provid notic affect breach provid substitut notic websit offer free credit monitor individu whose social secur number financi inform may compromis breach ce took voluntari action dismiss subcontractor involv breach project reeduc properti contractor involv breach busi associ agreement reiter train handl storag dispos phi requir project begin reeduc laboratori leader staff record retent immedi reduc number remain record slate longterm storag accord record retent dispos polici implement new intern control aid mitig risk ocr obtain assur ce implement correct action note
## [542] cover entiti ce learn busi associ ba mislabel certain packag contain lancet devic devic sent deliv correct address ship label state wrong name ces member label includ wrong member’ name inform incorrect infer individu receiv lancet devic ce diabet breach affect individu ce provid breach notic hhs affect individu follow breach ce termin relationship ba ad qualiti assur process communic new process staff ocr obtain document assur ce implement correct action list
## [543] ce sent email remind approxim cobra particip regard premium due date inadvert display email address individu receiv remind email contain name identifi individu plan particip upon discov breach ce implement addit technic safeguard prevent similar incid occur ce sanction workforc member respons error retrain workforc member polici regard email electron phi ce provid breach notif hhs affect individu media ce also amend breach notif polici procedur better clarifi notic requir specifi breach notif rule ocr obtain assur ce implement correct action list
## [544] ocr open investig cover entiti ce new west health servic dba new west medicar report employee’ unencrypt laptop comput stolen hotel meet room type electron protect health inform ephi involv breach includ demograph inform social secur number medicar claim number financi inform diagnos medic histori prescript inform affect individu ce provid breach notif hhs affect individu media provid individu free credit monitor ident theft protect servic follow breach ce improv safeguard recal laptop ensur encrypt instal geoloc capabl laptop instal remot wipe softwar companyissu blackberri devic ce also sanction employe whose laptop stolen retrain staff hipaa privaci secur requir creat new data incid respons plan ocr obtain assur ce implement correct action note due financi consider ce announc will ceas oper fulfil insur plan requir
## [545] april novemb cover entiti ce hawaii medic servic associ mistaken sent care manag letter incorrect address affect approxim patients’ protect health inform phi type phi involv breach includ name impli suggest individu may certain medic condit ce provid breach notif hhs affect individu media follow breach ce updat risk analysi risk manag plan enhanc physic secur ocr obtain assur ce implement correct action note
## [546] cover entiti ce cdcnioshworld trade center health program discov mail sent via us postal servic usp contain protect health inform phi damag en rout recipi page miss upon receipt miss document contain name provid name number medic code date servic treatment inform individu ce provid breach notif hhs affect individu substitut notic websit ce also set toll free telephon number answer question notif promin media outlet requir breach affect individu resid region respons breach ce request usp conduct mail recoveri search locat lost andor unidentifi page miss document found ocr obtain assur ce implement correct action list
## [547] decemb blue shield california cover entiti ce discov server breach via social engin call center costa rica breach affect patients’ protect health inform phi type phi involv includ patients’ name address date birth social secur number ce provid breach notif hhs affect individu media respons breach ce disabl exist login credenti manual distribut new password train call center workforc member risk social engin implement twofactor authent extern access network via virtual privat network vpn ce also provid ocr addit document relev breach investig includ hipaa notic privaci practic polici ocr obtain assur ce implement correct action list
## [548] ocr close investig determin cover entiti ce close medic practic longer ce
## [549] cover entiti gs medic associ llc“ce” report breach state unknown individu encrypt file desktop comput prohibit ce access protect health inform phi least patient initi report estim number patient affect though later ce file addendum reduc number affect patient health inform compromis includ patient name date servic progress note ce provid breach notif hhs updat safeguard polici implement antivirus solut result investig ocr provid technic assist ce expect notifi affect individu impermiss disclosur document impermiss disclosur affect individuals’ medic record conduct risk analysi implement risk manag plan implement secur incid polici procedur ocr state expect ce will ensur staff train new polici procedur secur awar privaci rule train
## [550] NA
## [551] NA
## [552] log book signin book contain inform cover entity’ ce patient stolen offic return anonym letter logbook contain patients’ full name name procedur conduct patient breach affect patient ce provid breach notif hhs affect individu media ce conduct full review incid file polic report also review modifi safeguard polici intern procedur implement new log procedur updat softwar retrain staff receiv new polici ce’ shred vendor secur dispos log book ocr obtain assur ce implement correct action list
## [553] unauthor thirdparti access protect health inform phi accord forens firm cover entiti ce pittman famili dental retain investig abnorm activ comput server approxim individu affect breach server includ full name social secur number individu driver’ licens number date birth home address treatment note insur inform ce provid breach notif hhs affect individu media prevent similar breach happen futur ce scrub reinstal server instal antivirusmalwar solut contract compani provid updat risk analysi addit train ocr obtain written assur ce implement correct action list
## [554] NA
## [555] workforc member email document contain person identifi inform pii protect health inform phi patient employe person email address breach involv pii phi individu breach inform includ name date birth patient identif number health care provid inform follow breach cover entiti ce hillsid provid breach notif hhs affect individu media also sanction workforc member involv implement safeguard retrain staff ocr obtain assur ce implement correct action list
## [556] cover entiti ce michael benjamin md inc report offic file cabinet broken patient chart contain protect health inform phi taken type phi involv breach includ demograph inform record vital sign insur elig inform copi insur card driver’ licens identif although patient chart cabinet actual taken recov law enforc ce provid breach notif affect individu hhs media follow breakin ce implement robust hipaa polici procedur ce improv safeguard reinforc physic secur offic ocr obtain assur ce implement correct action note
## [557] ce report employee’ unencrypt laptop comput stolen vehicl ce determin laptop passwordprotect potenti includ local copi email contain individuals’ name address date birth social secur number phone number insur number diagnos referr identif number medic record number ce provid breach notif hhs affect individu media time incid ce process acquir anoth facil encrypt laptop own facil respons breach ce took addit step locat secur remain laptop own facil acquir ce implement addit technic safeguard prevent similar breach sanction involv workforc member ocr obtain assur ce implement correct action list
## [558] cover entiti ce st psychotherapi llc burglar sometim octob octob laptop comput contain electron protect health inform ephi approxim individu stolen laptop comput contain patients’ name driver’ licens number date birth social secur number clinic demograph inform ce provid breach notif hhs affect individu media also file polic report prevent similar breach happen futur ce chang lock offic ce also encrypt laptop replac stolen one complet train safeguard phi use disclosur phi ocr obtain written assur ce implement correct action note
## [559] octob cover entiti ce alina health discov janitori vendor erron place patients’ protect health inform phi trash dumpster breach affect individu type phi involv includ financi demograph clinic inform ce provid notif breach hhs affect individu media also post substitut notic websit follow breach ce investig breach updat physic safeguard polici educ workforc updat polici ocr obtain copi ce’ busi associ agreement iron mountain phi dispos servic ocr obtain document assur ce implement correct action taken respons breach incid
## [560] cover entiti ce sent email contain patients’ name address date birth insur identif number email address outsid compani decemb ocr receiv notif whiteglove’ attorney whiteglov ceas healthcar busi activ effect august ocr verifi inform statement post whiteglove’ websit circumst whiteglov longer ce subject requir hipaa
## [561] laptop comput cover entiti ce ocean acquisit inc stolen workforc member’ vehicl electron protect health inform ephi laptop includ patient first last name diagnos date treatment date birth insur provid medic record number approxim individu upon discov theft ce file report counti sheriff offic addit ce provid breach notif hhs affect individu media ce also improv safeguard sanction involv workforc member retrain staff ocr obtain assur ce implement correct action list
## [562] busi associ ba snowman group work behalf cover entiti ce belgrad health center erron mail letter patient contain name anoth individu due print mistak affect individu protect health inform involv includ name indic treatment relationship ce ce provid breach notif hhs affect individu media follow breach ce chang templat letter prevent print mistak occur ocr review ba agreement ce ba obtain assur ce implement correct action note
## [563] cover entiti ce mistaken mail protect health inform phi unauthor individu follow folderinsert machin error approxim individu includ depend ces subscrib affect breach erron bill statement mail includ name address php member identif number premium amount ce provid breach notif hhs affect individu media prevent similar breach happen futur ce implement formal audit checklist requir independ verif mailroom personnel ocr obtain assur ce implement correct action list
## [564] cover entiti ce fide care mail explan benefit eob letter wrong member eob contain name address identif number recent claim activ individu ce provid breach notif hhs affect individu offer credit monitor upon discov breach ce perform risk assess result ocr’ investig ce revis safeguard polici regard print document contain protect health inform phi implement qualiti review process assist inspect outgo mail contain phi addit ce sanction retrain employe involv breach
## [565] cover entiti ce fide care mail diabet kidney health letter wrong member letter contain name address identif number individu ce provid breach notif hhs affect individu offer credit monitor upon discov breach ce perform risk assess result ocr’ investig ce revis safeguard polici regard print document contain protect health inform phi implement qualiti review process assist inspect outgo mail contain phi addit ce sanction retrain employe involv breach ocr obtain assur ce implement correct action list
## [566] cover entiti ce new mexico depart health experienc breach protect health inform phi affect individu workforc member’ laptop comput stolen lock vehicl octob laptop contain patients’ name date birth diagnos medic ce provid breach notif hhs affect individu result incid ce investig incid modifi procedur ensur inform technolog equip deliv direct depart laptop automat encrypt ce also initi process identifi laptop across enterpris full disk encrypt instal revis secur awar train includ protectionloss prevent mobil devic addit ce procur mobil devic manag system secur event incid manag solut develop implement schedul tool ocr obtain assur ce implement action list
## [567] octob cover entiti ce northwest primari care group discov former employe prior termin impermiss access download inform desktop comput within facil local law enforc notifi ce former employe access print fiftytwo page document contain protect health inform individu type phi contain document includ name patient one follow social secur number date birth credit card andor bank account inform ce notifi hhs affect individu media pursuant breach notif rule also offer one year free credit monitor affect individu follow breach ce implement technic safeguard revis hipaa polici procedur retrain workforc member ocr obtain satisfactori assur ce implement correct action note
## [568] NA
## [569] NA
## [570] four middlesex hospit employe respond phish email result disclosur protect health inform phi individu inform access includ patients’ name address date birth social secur number cover entiti ce provid breach notif hhs affect individu media ce also set dedic call center answer question affect individu provid affect individu month credit monitor servic cost follow breach ce develop mandatori phish awar respons train program employe requir addit train supervisor manag provid staff addit mitig includ design march “cyber awareness” month includ implement number tool educ staff cyber threat separ person meet train employe whose account compromis procur vendor conduct social engin test assess effect ces staff train ce also upgrad antivirus program will continu util secur report tool purchas detect breach ocr obtain assur ce implement correct action step list
## [571] earli septemb cover entiti ce camel back women’ health discov former employe retain copi patients’ document solicit ce’ patient practic type protect health inform phi document includ name address social secur number date birth diagnos medic condit medic treatment inform ce provid breach notif hhs affect individu media respons breach ce ask former nurs practition return andor destroy patients’ phi possess hire lawyer ensur former employe sign affidavit return document addit ce revis polici procedur retrain workforc member ce also provid ocr addit document includ hipaa notic privaci practic polici relev breach investig ocr obtain assur ce implement correct action list
## [572] due print error explan benefit form erron mail member contain protect health inform phi print front side anoth member’ phi print back side breach affect approxim individu includ financi demograph clinic inform cover entiti ce blue cross blue shield nebraska also act ba number selfinsur health plan ceba provid breach notif hhs affect individu media also develop new polici address mechan print error train print facil employe new polici ceba mitig potenti effect flag review claim six month misus dental data affect individu ocr obtain written document ceba implement voluntari correct action list
## [573] octob univers colorado health cover entiti ce discov nurs work one ce’ network hospit impermiss access individuals’ medic record octob septemb ce discov nurse’ impermiss access anonym individu telephon ce’ privaci hotlin regard nurse’ suspect conduct carri impermiss access nurs util ce’ electron health record ehr applic ce provid breach notif hhs media affect individu base breach ocr’ investig ce sanction nurs termin access ehr ce also retrain nurs staff regard use ehr accord hipaa ce report similar breach ocr ocr consolid unresolv issu breach review along relat complianc concern aris ce’ breach
## [574] NA
## [575] NA
## [576] former peacehealth mploye continu access electron protect health inform ephi cover entiti ce patient websit use thirdparti prior author insur verif approxim individu affect breach type ephi involv breach includ name address date birth social secur number diagnosescondit medic medic record number payor identif number respons breach ce implement databas track employe third parti portal access databas will alert manag employe leav employ portal compani will immedi contact termin access ce provid breach notif hhs affect individu media ce also provid one year free credit monitor individu whose social secur number includ breach ocr provid ce technic assist regard risk analysi risk manag provis secur rule
## [577] unencrypt password protect laptop comput contain protect health inform phi approxim individu stolen cover entiti ce dermatolog center lewisvill laptop use storag devic individu name imag individu skin condit result ocr’ investig ce adopt encrypt technolog updat risk analysi implement correspond risk manag plan improv physic secur retrain workforc member revis polici procedur
## [578] cover entiti “ce” new dimens group llc discov septemb three unencrypt flash drive report miss breach affect individu protect health inform phi potenti expos includ name date birth social secur number driver’ licens number clinic inform ce provid time breach notif hhs affect individu websit media notif issu duplin time star news ce provid free credit monitor affect individu month respons breach ce ban use flash drive develop polici procedur media devic control updat polici procedur protect patient phi ce purchas new softwar encrypt email contain phi train employe polici procedur ocr obtain assur ce implement correct action list
## [579] septemb employe unencrypt passwordprotect laptop comput stolen vehicl comput contain protect health inform phi patient includ address name date birth clinic diagnos financi inform social secur number email address physician inform health insur inform treatment inform medic inform ce pathway profession counsel provid breach notif hhs affect individu media respons breach ce engag third parti encrypt comput retrain employe may use disclos access phi also revis hipaa complianc plan implement polici requir encrypt mobil devic access grant implement polici requir reason secur measur employe use electron devic ce also sanction employe involv breach ocr obtain assur ce implement correct action list
## [580] print error affect individu live state cover entiti ce print two custom letter one sheet paper front back mail custom protect health inform involv breach includ name mail address medic inform ce provid breach notif hhs affect individu provid free credit monitor servic prevent print error occur futur ce implement new letter creation procedur ocr obtain assur ce implement correct action note
## [581] workforc member cover entiti ce alaska orthoped specialist impermiss sent copi electron protect health inform ephi person email account decemb april potenti affect approxim individu ephi includ demograph financi clinic inform ce provid breach notif hhs affect individu media ce establish websit relat call center offer identitytheft protect charg discov breach ce hire digit servic consult investig matter audit company’ comput server email identifi scope content breach ce issu “ceas desist” letter former employe demand former employe take step secur inform return ce secur store remain paper record comput server contain ephi ocr verifi busi oper sole practition offici dissolv decemb
## [582] NA
## [583] septemb cover entiti ce arci healthcar llc dba midland orthopaed discov unknown parti identifi “slyhacker” access patient databas databas contain name address phone number individu databas hous third parti internet site ce’ busi associ planethostingcom ce provid breach notif hhs affect individu media respons breach ce remov databas internetbas comput server hire digit forens firm investig implement plan secur databas contain protect health inform ocr obtain assur ce implement correct action list
## [584] cover entiti ce report breach concern theft laptop comput medic offic laptop use eye scan contain name date birth medic record number patient ce provid breach notif hhs affect individu media result ocr’ investig prevent similar breach happen futur ce undertook comprehens risk analysi encrypt mobil devic ensur physic safeguard place also retrain employe revis secur polici procedur
## [585] fbi notifi cover entiti ce oh muhlenberg llc septemb inform system infect malwar known “quakbot” base ce’ intern investig determin malwar may present system earli januari may affect entir patient databas patient type protect health inform phi involv includ name date birth address phone number driver’ licensesst identif inform social secur number credit cardbank account number health insur inform clinic inform respons breach ce decommiss affect comput replac older comput hardwar implement revis polici procedur improv antivirus protect provid secur awar train workforc ce provid breach notif hhs affect individu media websit ocr obtain assur ce implement correct action list
## [586] NA
## [587] ocr open investig cover entiti ce good care pediatr llp report trojan hors virus affect one comput devic caus patient bill file access unauthor individu onlin januari april incid affect individu type electron protect health inform ephi involv includ patients’ name address telephon number date birth diagnosi code result breach ce shut extern access unsecur comput devic conduct full virus malwar scan comput devic chang password router firewal administr workforc member ce also encrypt patients’ bill file retrain workforc member respect hipaa polici procedur updat risk analysi risk manag plan ocr provid ce technic assist regard execut risk analys implement procedur guard detect report malici softwar
## [588] mail contain estim payment eop document damag transit cover entity’ ce busi associ ba emdeon bank via unit parcel servic up septemb unit state postal servic return page page mail ce breach incid involv protect health inform phi approxim individu includ date servic member name health plan member identif number procedur code ce investig breach unabl determin fault ce provid breach notif hhs affect individu media follow breach ce work ba develop implement procedur reduc number paper document transmit result ocr’ investig ocr review copi correspond ba up regard matter ba agreement ce’ hipaa polici procedur
## [589] septemb busi associ ba standard regist erron mail announc concern retir cover entiti ce rush univers medic center result misdirect letter sent wrong patient associ clinic breach affect individu includ patients’ name ce provid breach notif hhs media affect individu provid substitut notic websit ce also enter ba agreement standard regist creat polici procedur establish qualiti measur mass mail ocr obtain document confirm ce implement correct action list
## [590] NA
## [591] workforc member children’ medic clinic east texa cover entiti ce took pictur protect health inform phi display workstat comput disclos pictur former workforc member phi potenti includ name date birth diagnos treatment inform individu upon discov breach ce file polic report ce provid breach notif hhs affect individu media ce also improv physic secur administr technic safeguard retrain staff ocr obtain assur ce implement correct action list
## [592] juli cover entiti bon secour st franci health system inc receiv complaint employe commit insur fraud involv bill coworkers’ insur experiment topic cream ce audit electron system contain protect health inform phi conclud octob employe access phi patient without discern profession need type phi involv breach includ patient name date birth address diagnos treatment plan scan insur card driver’ licens ce provid breach notif hhs affect individu media respons incid ce review polici retrain staff assess whether behaviorbas audit softwar program appropri addit current secur measur ocr obtain assur ce implement correct action list ce also termin involv employe employ
## [593] cover entiti ce florida depart health children’ medic servic discov employe fax email roster patient need medic suppli medic vendor polici medic suppli vendor receiv name patient will direct suppli orthoped suppli protect health inform phi email roster includ patient name date birth insur inform individu ce provid breach notif hhs affect individu media also post substitut notic websit ce also set toll free telephon number answer question respons breach ce ceas practic send daili roster contain patient inform vendor ce sanction retrain employe involv breach retrain employe hipaa polici procedur ocr obtain assur ce implement correct action list
## [594] due process error busi associ ba envisionrx mail letter cover entity’ ce member contain member protect health inform phi name medic date servic individu involv breach ba provid breach notif hhs affect individu media ba respond breach implement addit qualiti control procedur updat breach rule notif polici train appropri staff result ocr’ investig ba updat ba agreement ce orangeulst school district health plan ba also provid ocr document correct action
## [595] review consolid review aspir home care hospic
## [596] workforc member took patients’ protect health inform phi sever extern comput hard drive employ cover entiti ce huntington medic research institut termin type phi involv breach includ various financi demograph financi inform ce provid substitut notic notic media notic ocr pursuant requir breach notif rule follow breach ce work workforc member’ counsel recov phi secur manner engag forens expert confirm phi recov ce also reassign privaci secur respons began consid need augment privaci secur staff ce improv safeguard encrypt comput workstat well phone access phi respons ocr’ investig ce develop comprehens enterprisewid risk analysi report correspond risk manag plan
## [597] upon review inform provid report entiti ocr determin materi identifi breach report meet definit protect health inform employ record ie human resourc data
## [598] NA
## [599] septemb cover entity’ ce busi associ ba rr donnelli inadvert place individu health insur claim number hicn outsid envelop contain benefit inform packet mail ces member hicn medicar beneficiari identif number typic contain beneficiari social secur number breach affect individu ce behealthi florida provid breach notif hhs affect individu media ce discuss ba develop standard procedur ad hoc manual member mail use event autom process unavail also made process procedur chang prevent similar breach futur ocr obtain assur ce implement correct action list
## [600] NA
## [601] cover entiti ce texa health human servic commiss detect unauthor remot login activ asia comput server belong busi associ ba emerg health network compromis brute forc attack attack potenti affect name address date birth demograph financi clinic treatment inform approxim individu discharg el paso counti jail follow breach ba retir outdat softwar implement new polici procedur requir regular patch softwar instal new intrus protect detect system updat firewal strengthen configur server implement internet protocol filter also implement new train program workforc member follow ocr’ investig ba updat breach notif polici
## [602] juli physician email spreadsheet contain patients’ name clinic inform vendor cover entiti ce nephropatholog associ plc consid potenti project ce notifi hospit refer patient ce provid breach notif hhs affect individu ce contact media impermiss disclosur affect less patient one state follow breach ce obtain assur vendor destroy file email receiv ce creat use protect health inform phi electron phi ephi copi transfer entiti result incid ce issu written warn respons workforc member also retrain employe regard safeguard phi ce remind workforc member safeguard phi includ ephi ocr obtain assur ce implement correct action list
## [603] employe busi associ ba centen manag compani impermiss download sever data file contain protect health inform phi individu unauthor remov storag devic resign organ former employe return compani issu laptop march howev violat standard procedur laptop connect network processingreimagin time return allow impermiss download go undetect octob data loss prevent tool discov impermiss download former employee’ laptop connect network process phi involv breach includ name address date birth medic identif number case social secur number phi download belong member cover entiti bridgeway health solut superior health plan ba provid breach notif hhs affect individu media also provid substitut notic respons breach ba implement communic polici help ensur time process return inform technolog equip also implement polici softwar solut prohibit download data unauthor extern storag ocr provid technic assist regard risk analysi risk manag provis secur rule
## [604] octob cover entiti ce univers oklahoma health scienc center report breach affect approxim individu unencrypt laptop comput use former physician pediatr urolog program stolen vehicl laptop contain protect health inform phi includ patients’ first last name medic record number date birth case patients’ age physicians’ name diagnosi treatment andor bill code ce provid requir breach notif hhs affect individu media follow discoveri incid ce implement addit technic safeguard devic contain electron phi retrain workforc member regard safeguard phi ce also revis physician exit interview requir physician attest phi remov person own devic time departur ocr obtain assur ce implement correct action list
## [605] cover entiti ce ssm health cancer care erron mail letter address patient due use inaccur electron file breach affect individu includ individuals’ name infer treatment relationship ce provid breach notif hhs affect individu media ce perform root caus analysi identifi risk area opportun strengthen control also retrain individu erron sent mail ce also creat new polici procedur patient mail ocr obtain document evidenc ce implement correct action list
## [606] octob cover entiti ce john hopkin hospit report physician’ unencrypt laptop comput store electron protect health inform ephi individu stolen intern airport belong type ephi contain laptop includ physician name patient name medic record number clinic inform ce provid breach notif hhs media affect individu offer credit monitor ce sanction physician involv accord ces hipaa sanction polici ce also circul broadcast remind workforc member exist polici requir devic contain may contain phi encrypt password protect ocr obtain assur ces portabl devic store ephi requir use ces encrypt program addit ce submit copi recent risk analysi risk manag program ocr also provid ocr inform relat new encrypt program inform user complianc send websit refer local administr ocr obtain assur ce implement correct action list
## [607] octob aspir home care hospic cover entiti ce experienc two similar breach incid breach incid involv phish scam googl email account two ce employe type protect health inform phi involv breach includ demograph inform social secur number treatment inform one breach report estim individu affect second estim individu later number amend sinc ce determin person alreadi account initi breach report respons breach incid ce took certain correct action includ limit implement addit technic safeguard prevent futur secur incid natur result extens technic assist provid ocr ce took correct action launch phish campaign better train educ workforc member regard potenti phish incid implement addit privaci secur polici procedur ensur full complianc privaci secur rule ce conduct updat risk analysi implement correspond risk manag plan ce also offer affect individu ident theft monitor servic one year cost
## [608] NA
## [609] septemb zipper bag stolen deliveri servic vehicl monthend report insur data servic busi associ ba cover entiti ce clayston clinic associ ba report breach affect individu type protect health inform phi involv breach includ patients’ name date servic balanc insur provid diagnost procedur code address phone number ba investig breach assur theft report polic ba provid breach notif hhs affect individu media ba also updat procedur util secur client portal transmit phi client result ocr’ investig ba creat polici procedur relat safeguard phi use disclos phi breach rule notif train staff polici ocr obtain written assur ce complet correct action list
## [610] septemb cover entiti ce careplus health plan discov “late enrol penalti premium statements” mail member septemb mail incorrect member print apparatus accid program insert two statement per envelop instead one type protect health inform phi involv mail includ name address identif number member respons breach ce mail correct statement sanction respons employe retrain employe print correspond depart ce provid breach notif hhs affect individu websit media ocr obtain assur ce implement correct action list
## [611] NA
## [612] octob baptist health arkansa health group ce report breach workforc member access download electron protect health inform individu ce provid breach notif hhs affect individu media workforc member left ce conduct health care servic anoth ce ocr determin investig incid breach consid continu coordin care
## [613] humana inc cover entiti ce discov august market staff employee’ briefcas contain encrypt laptop comput unsecur paper document stolen lock vehicl ce investig determin stolen document contain protect health inform phi individu includ full name date birth clinic name health insur inform ce issu new health insur member identif number affect individu provid time breach notif hhs affect individu websit media respons breach ce retrain workforc dissemin guidanc materi specif address proper handl safeguard phi revis procedur elimin transport phi paper format ocr obtain assur ce implement correct action list
## [614] august cover entiti ce kindr nurs center west llc discov passwordprotect offic comput stolen lock offic within facil type protect health inform phi contain comput includ name patient one follow admiss discharg date facil name patient id number certain accountingrel inform ce provid breach notif hhs affect individu media ocr obtain assur ce improv physic safeguard revis encrypt polici strengthen password requir retrain workforc member
## [615] NA
## [616] NA
## [617] cover entiti ce sunquest inform system report juli unencrypt laptop comput stolen workforc member’ car ce determin breach affect electron protect health inform ephi associ approxim individu type ephi affect breach includ patients’ address date birth name social secur number medic record number health insur inform bill code diagnosi inform lab result ce provid breach notif hhs affect individu media offer year free credit monitor affect individu follow breach ce sanction respons workforc member provid addit train workforc member result ocr’ investig ce implement encrypt technolog updat relev polici procedur
## [618] august employe cover entiti ce barrington orthoped specialist ltd discov laptop electromyographi emg machin stolen vehicl laptop emg machin contain name date birth clinic demograph inform approxim individu ce provid breach notif hhs affect individu media also file polic report prevent similar breach happen futur ce ad addit unit inventori stop transport emg machin ce also retrain counsel employe involv matter hipaa polici procedur ocr obtain review document substanti ces action taken respons breach incid
## [619] ocr investig cover entiti ce skin cancer center arizona ce report breach individuals’ protect health inform phi learn juli former employe possess phi ces offic disclos former employee’ new employ employ end march breach affect patient name date birth telephon number insur compani name reason appoint ce provid breach notif hhs affect individu media respons ocr’ contact matter ce retriev breach phi ensur former employe former employee’ new employ longer copi phi ceas use disclosur phi ce also took step retrain workforc member implement regular workforc hipaa remind increas physic secur employe workspac ocr obtain document ce implement correct action
## [620] heartland clinic cover entiti defin privaci rule patient self pay
## [621] former employe cover entity’ ce busi associ ba cvs health impermiss exfiltr ce’ member inform system save protect health inform phi onto person comput phi involv breach includ full name member identif number health card number plan code state start end date breach affect approxim individu ce provid breach notif hhs affect individu media also provid substitut notif ce also offer individu one year free ident theft protect membership result incid ce requir ba improv safeguard enhanc secur ba’ fraud manag tool databas contain phi updat secur procedur ocr review ce’ polici procedur andor document relat impermiss disclosur safeguard busi associ breach notif obtain assur ba implement correct action list
## [622] case consolid anoth review cover entiti
## [623] may ocr receiv anonym complaint alleg protect health inform phi patient cover entiti ce dr daniel sheldon md pa access internet via googl ocr confirm alleg identifi web search result contain privat medic record websit associ practic follow investig ocr practic submit breach notif hhs septemb report phi approxim patient potenti viewabl onlin includ address date birth name clinic inform respons incid ce contact electron medic record “emr” host compani io health system “ios” immedi secur inform conduct intern investig io chang file locat practice’ emr record renam file structur obfusc file directori conduct standard secur inspect began audit trail review determin unauthor access ces record addit ce ensur user share document link via nonsecur method chang password user confirm usernam password confidenti polici employe ensur proper antivirus spywar applic instal verifi firewal proper configur latest version secur upgrad respons ocr’ investig practic provid evid provid breach notif hhs affect individu media offer ident theft protect servic also termin relationship emr system host compani io enter revis busi associ agreement new emr host compani final ce creat new polici regard breach notif procedur
## [624] louisiana state univers health scienc center – new orlean cover entiti ce report unencrypt laptop stolen physician’ person vehicl result theft protect health inform phi approxim individu type phi involv breach includ clinic demograph inform follow breach ce notifi hhs affect individu media result ocr’ investig ce began identifi unencrypt electron devic encrypt implement method address data backup ocr obtain assur ce implement correct action list
## [625] cover entiti ce affin health plan inc mistaken sent renew letter member contain differ member’ name address children’ name identif number coverag inform breach affect head household children ce provid breach notif hhs affect individu media follow breach ce place hold outgo bulk mail result ocr’ investig ce review revis organization’ mail procedur ensur compli minimum necessari standard qualiti standard ce also retrain staff updat polici procedur hipaa safeguard members’ phi ocr obtain assur ce implement correct action note
## [626] NA
## [627] cover entiti ce blue cross blue shield north carolina discov august busi associ ba edm america accid sent invoic member contain inform member affect individu type protect health inform phi invoic includ member name address intern account number group number coverag date premium amount due ce provid breach notif hhs websit media ba sent individu notif behalf ce respons breach ba retrain staff revis intern valid qualiti control procedur ocr obtain assur ce implement correct action list
## [628] cover entiti ce blue cross blue shield north carolina discov august accid sent payment letter member contain inform member affect individu type phi letter includ member name telephon number health plan effect date exchang identif number payment amount intern payment identif number ce provid breach notif hhs affect individu media post substitut notic websit respons breach ce revis mail procedur implement twostep verif process materi mail ocr obtain assur ce implement correct action list
## [629] NA
## [630] NA
## [631] cover entiti ce lee memori health system erron sent letter patient incorrect patients’ name due administr error ce determin protect health inform phi individu involv breach includ name physicians’ name specialti ce provid breach notif hhs affect individu media follow breach ce review incid determin breakdown occur identifi opportun improv addit ce improv administr safeguard implement new procedur data request ce also retrain respons workforc member ocr obtain assur ce implement correct action list
## [632] NA
## [633] juli cover entiti ce minneapoli clinic neurolog ltd discov laptop comput miss one clinic breach affect approxim individu type protect health inform phi involv breach includ patient name address ce provid breach notif hhs affect individu media follow breach ce sanction involv employe written warn distribut comput network internet access polici employe retrain employe ahead annual train ce also implement polici procedur contain new hipaa privaci secur handbook increas technic secur safeguard mobil electron devic updat secur virtual privat network softwar ocr obtain assur ce implement correct action list
## [634] metropolitan atlanta rapid transit author marta act behalf selfinsur health plan mail voluntari critic ill insur form incorrect employe correspond contain protect health inform phi includ name address social secur number date birth marta conduct breach assess provid breach notif hhs affect individu media respons incid marta develop standard oper procedur benefit offic handl employees’ phi train employe new procedur staff will prepopul employe form applic worksheet confirm statement individu identifi inform will send document contain individu identifi data intern print shop ocr obtain assur marta implement correct action list
## [635] employe merit health northwest mississippi cover entiti ce impermiss obtain protect health inform phi ident theft fraud purpos photograph document person mobil devic write patient inform notebook remov paper medic record facil work law enforc conduct intern investig ce determin stolen patient inform includ name date birth address social secur number medic record number health insur clinic inform individu ce provid time breach notif hhs affect individu media addit ce offer free credit monitor affect individu provid substitut notic websit respons breach ce retrain employe revis polici print social secur number employe fault incid longer employ ce ocr obtain assur ce implement correct action list
## [636] june cover entiti ce robert soper md discov electron protect health inform ephi maintain breach desktop comput stolen trunk car approxim individuals’ ephi affect breach breach affect follow type ephi patient name date birth phone number clinic note email ce provid breach notif hhs affect individu media ocr provid ce guidanc materi technic assist regard hipaa secur rule complianc respons ocr’ technic assist ce implement secur awar train program encrypt technolog within medic practic
## [637] cover entiti ce report hard drive miss contain approxim hour voic record communic dispatch medic staff prior medic transport septemb june hard drive searchabl without separ applic mani record contain protect health inform hard drive miss ces lock secur area breach affect individu includ clinic demograph inform ce provid breach notif hhs affect individu media upon discoveri breach ce instal secur camera area hard drive locat ceas store backup transport voic record mobil devic encrypt mobil devic retrain staff ocr obtain document ce implement complianc action list
## [638] cover entiti ce lancast cardiolog medic group sunder heart institut vascular medic clinic report sometim june june laptop comput desktop comput server portabl electron devic stolen facil burglari approxim individu affect breach type electron protect health inform ephi involv breach includ clinic demograph inform follow breach ce prompt report incid law enforc provid breach notif hhs affect individu media result incid well ocr’ correspond investig ce implement plan encrypt ephi store devic ce also implement addit physic safeguard includ instal new lock improv video surveil ce updat polici procedur address administr technic physic safeguard ocr obtain assur ce implement correct action note
## [639] june tampa polic depart notifi cover entiti ce pediatr gastroenterolog hepatolog nutrit florida pa paper printout facil found crimin investig employe ce remov appoint sheet contain name social secur number date birth account number patient premis without author ce provid breach notif hhs affect individu set toll free number answer question follow breach ce review polici retrain staff hipaa privaci secur polici ce also implement physic secur procedur reduc risk unauthor access print document implement role base access procedur limit access electron phi ce also improv administr safeguard requir random background check employe throughout durat employ ocr obtain assur ce implement correct action note ce also termin involv employe employ employe crimin investig action relat breach
## [640] cover entiti ce pt northwest llc inadvert email questionnair patient copi patient email distribut recipi blind carbon copi email address contain patient name follow breach ce sanction employe respons impermiss disclosur ce provid breach notif hhs affect individu media result ocr’ investig ce conduct companywid annual hipaa train start process conduct person followup hipaa train complet decemb
## [641] august unknown entiti hack cover entiti ce electron databas util crypto locker comput virus virus attach ces portabl document format pdf file contain patients’ name date birth clinic inform person identifi virus block ces access aforement pdf file ce receiv email messag demand ransom order gain access lock pdf file approxim individu affect breach upon discov breach ce conduct breach risk assess indic low overal probabl protect health inform phi compromis therefor breach notif individu media requir ce report breach incid internet crime complaint center divis feder bureau investig prevent similar breach happen futur ce retain comput forens firm assist analysi ransomwar incid instal antimalwar product comput ce train staff polici procedur regard cyber secur awar ocr obtain document assur ce implement correct action note
## [642] NA
## [643] may juli governors’ offic technolog busi associ ba sent letter contain protect health inform phi behalf cover entiti ce colorado depart health care polici financ wrong medic assist program client due technic error ba’ comput system breach affect individu type phi involv vari household household includ name address state identif number medicaid case number employers’ name amount incom amount approv advanc premium tax credit approvalsdeni medic assist program date birth ce provid breach notif hhs affect individu media prevent recurr type incid ba’ subcontractor deloitt fix softwar use colorado benefit manag system ensur ce’ letter address appropri recipi implement addit procedur qualiti control mail ocr obtain written assur ce ba subcontractor implement correct action note
## [644] workforc member cover entiti ce cancer care northwest lost paper binder contain protect health inform phi binder like thrown away garbag proper safeguard otherwis secur offic approxim individu affect breach phi includ name date birth diagnosescondit treatment inform prevent similar breach happen futur ce instruct work forc member take note electron retrain workforc member hipaa polici ce provid breach notif hhs affect individu media offer ident theft fraud protect servic affect individu ocr obtain assur ce implement correct action
## [645] ocr open investig endocrinolog associ cover entiti ce report june june discov unauthor individu broken remov lock secur portabl demand pod storag contain held protect health inform phi approxim individu phi includ individuals’ name address date birth social secur number lab result diagnos clinic inform ce provid notif breach individu affect breach hhs media follow breach ce report incid local polic depart enhanc physic safeguard appli pod storag contain retrain workforc member hipaa polici procedur ocr obtain assur ce implement correct action list
## [646] june cover entiti ce walgreen pharmaci report vendor kurtzman carson consult llc mail lawsuit settlement postcard individu includ protect health inform phi addit address viewabl postal rout phi includ prescript inform insur health inform approxim individu ce mitig breach direct vendor remov inform affect individuals’ contact inform futur mail relat propos class action settlement revis applic polici procedur ce provid breach notif hhs affect individu media establish call center field consum question ocr obtain document assur ce implement correct action list
## [647] physician’ backpack contain five unencrypt portabl data drive handwritten notebook protect health inform phi approxim pediatr patient stolen automobil type phi involv breach includ name date birth hospit medic record number type surgeri perform treat physicians’ name one drive contain surgic imag twenti patient breach affect approxim patient texa children hospit tch patient memorialhermann physician surgic fellow cover entiti ce baylor colleg medicin report theft polic notifi tch tch initi investig notifi ce breach juli ce provid breach notif hhs affect individu media follow breach ce distribut acknowledg attest document medic resid fellow address ce’ patient privaci secur polici includ incid report procedur due ocr’ involv resid fellow learner requir complet acknowledg attest begin academ year ce also initi polici requir acknowledg attest includ graduat medic educ program participant’ contract begin academ year
## [648] two unencrypt laptop one portabl storag devic thumb drive stolen burglari august collect contain electron protect health inform ephi individu ephi involv breach includ name date birth insur inform social secur number date treatment type treatment diagnos follow breach offic dr bayard cover entiti ce notifi hhs individu affect breach media ce provid individu ident protect servic credit monitor servic cost result ocr’ investig ce implement facil access control polici procedur instal offic alarm system four surveil camera ce also encrypt comput workstat initi requir use privaci screen lock storag room equip use
## [649] cover entiti ce tj samson communiti hospit discov june sent advertis email patient inadvert expos name email address recipi ce provid breach notif hhs affect individu media respons breach ce draft new polici detail intern use patient portal communic patient also counsel market staff dissemin inform ocr obtain assur ce implement correct action list
## [650] cover entiti ce lawrenc general hospit discov portabl comput drive thumb drive encrypt passwordprotect miss follow theft laboratori protect health inform involv includ name laboratori test code slide identif number affect individu ce provid breach notif hhs affect individu media follow breach ce elimin need use thumb drive patholog laboratori acceler complet reconfigur compat comput port usb port disabl use unencrypt thumb drive ce also implement new procedur monitor receipt media devic ocr obtain assur ce implement correct action list
## [651] cover entiti ce veteran affair report may paper record contain protect health inform phi left outsid trash dumpster hot spring campus breach affect individu involv name partial full social secur number address date birth follow breach ce destroy record although ce compli breach notif requir result ocr’ substanti technic assist initi revis breach notif procedur ce also offer credit monitor veteran whose full social secur number potenti breach
## [652] cover entiti ce report ocr offic burglar laptop desktop comput well backup data stolen comput contain protect health inform phi approxim individu phi involv breach includ name address date birth social secur number claim inform ce provid breach notif hhs affect individu media follow breach ce strengthen physic safeguard encrypt comput began store backup data offsit encrypt server ocr’ investig result ce undertak new risk analysi risk manag plan enhanc practic safeguard phi ephi
## [653] cover entiti ce north east medic servic report juli unencrypt laptop comput use store electron protect health inform ephi stolen trunk workforc member’ car time breach laptop store ephi associ individu ephi includ patients’ name date birth gender contact inform payersinsur diagnos medic treatment inform test result appoint inform case social secur number ce provid breach notif hhs affect individu media respons breach ce implement encrypt technolog also updat relev polici procedur includ polici use encrypt technolog strengthen password requir access ephi addit ce sanction workforc member respons breach provid addit train workforc member polici procedur use disclosur phi encrypt technolog respons ocr’ investig ce perform updat risk analysi
## [654] siouxland anesthesiolog cover entiti ce report subject crimin malwar attack ce report hacker infiltr one comput server instal malwar left patients’ electron protect health inform ephi vulner unauthor access expos ephi includ patients’ name address date birth case social secur number breach affect approxim individu follow breach report individu media hhs ce investig incid provid affect individu credit monitor inform contact inform question regard breach respons breach ocr’ review ce took number action address mitig effect breach includ disabl compromis server replac new server examin work station ensur secur establish user control updat password manag procedur cours review ocr provid ce technic assist regard necessari chang polici procedur requir conduct period thorough enterpris wide risk analys review updat risk manag process
## [655] earli april perform nonroutin pharmaci audit cover entiti ce sioux fall veteran administr health care system discov paper prescript record miss secur vault unabl determin happen record report breach miss record affect individu contain clinic andor demograph protect health inform phi ce provid breach notif hhs affect individu media follow breach ce discontinu attach progress note full social secur number ce also implement inventori pharmaci record remov obsolet languag procedur regard breach notif rule train relev staff safeguard paper record contain phi time discoveri notif ocr obtain assur ce implement correct action note
## [656] two binder belong former employe discov dave’ beach fall river ma may binder contain protect health inform phi patient cover entiti ce prima care pc phi predomin consist name date birth diagnos admiss treatment date medic record number hospit account number three individu phi also includ partial complet social secur number ce provid breach notif hhs affect individu media also provid dedic telephon number question free credit monitor servic breach social secur number result breach ocr’ investig ce revis polici procedur relat use disclosur phi safeguard minimum necessari standard
## [657] NA
## [658] NA
## [659] may cover entiti ce ohiohealth discov unencrypt portabl comput drive ‘thumb drive” miss breach affect approxim individu type protect health inform phi involv breach includ patients’ name medic record number name insur compani address date birth physicians’ name referr treatment date type procedur certain limit instanc clinic inform social secur number ce provid breach notif hhs affect individu media follow breach ce sanction retrain employe lost thumb drive suspend use thumb drive involv depart retrain employe ce also revis polici mobil storag devic secur usag disposit thumb drive addit ce encrypt mobil storag devic revis launch annual complianc educ employe ocr obtain document ce implement correct action step note
## [660] patient schedul cover entiti ce advanc radiolog consult email patients’ protect health inform phi work email account person email account order keep separ record perform issu addit patient affect breach schedul access phi email usb devic total individu affect phi involv breach includ patients’ name date birth phone number account balanc insur inform treatment examin inform appoint date time appoint note refer physicians’ inform follow discoveri breach ce sanction workforc member request delet phi sent person email account ce also provid breach notif hhs affect individu media provid individu credit monitor servic cost ocr obtain assur ce implement correct action list
## [661] NA
## [662] cover entiti ce urolog associ report individu affect breach occur unknown individu broke lock storag unit secur storag facil store medic record box contain medic record clear rifl indic record remov ce provid breach notif hhs affect individu media also provid one year free credit monitor affect individu follow breach ce remov medic record storag facil shred scan secur encrypt comput databas ocr obtain assur ce implement correct action list
## [663] NA
## [664] NA
## [665] ocr close investig consolid review complianc review involv hack incid involv carefirst bluecross blueshield
## [666] NA
## [667] june two unencrypt desktop comput contain protect health inform phi approxim individu stolen busi associ ba treat insur agenc north littl rock offic ba insur broker solicit submit applic health insur coverag cover entiti ce arkansa blue cross blue shield type phi involv breach includ demograph clinic financi inform ce provid breach notif hhs affect individu media ocr review ba agreement place ce ba determin ba agreement compliant cfr §§
## [668] medic resid lost unencrypt thumb drive contain name date birth clinic inform diagnos patient select chart review cover entiti ce maricopa integr health system provid breach notif hhs affect individu media respons breach ce comprehens review privaci secur practic updat hipaa polici procedur sanction retrain medic resid retrain workforc member hipaa secur procedur ocr’ investig result cover entiti improv hipaa practic
## [669] may access audit reveal cover entiti ce employe access patients’ electron medic record beyond scope author access assign job respons ce discov unauthor access date back breach affect approxim individu type protect health inform phi involv breach includ patient diagnos medic condit ce provid breach notif hhs affect individu media ocr’ investig ce retrain revenu depart red wing se minnesota region privaci rule ocr obtain written assur ce implement correct action step list
## [670] ocr open investig cover entiti ce amsterdam nurs home corpor report januari protect health inform phi store busi associ ba citistorag llc may impermiss disclos effort extinguish fire incid affect individu type phi involv breach includ residents’ name address date birth health insur inform social secur number inform health status treatment ce provid breach notif hhs affect individu media post substitut notif websit result ocr’ investig ce record impermiss disclosur affect individuals’ phi account disclosur purpos remind ba notif oblig set forth ba agreement obtain written assur ba ba complianc relev build safeti code ce also reissu hipaacompli breach notif letter affect individu resid massachusett
## [671] may busi associ bas sent misdirect collect letter behalf cover entiti ce howard univers faculti practic plan type protect health inform phi involv breach includ name account number date servic bas involv ces collect effort includ california healthcar medic bill inc “chmb” jp recoveri servic inc “jprs” ce provid breach notif hhs affect individu media post substitut notif websit follow breach chmb develop polici procedur enhanc qualiti assur process report contain phi jprs staff work close ce ensur futur placement data file verifi correct prior download collect system ce provid ocr copi ba agreement ce two bas ocr obtain assur ce implement correct action list
## [672] cover entiti ce integr health plan inc discov may busi associ ba independ live solut llc sent explan benefit eob inform incorrect network provid eob contain patient name date birth medicaid identif number applic diagnosi procedur code affect individu ce ba agreement place ba sinc juli ce provid breach notif hhs affect individu media also post notic websit respons breach ce provid addit train materi ba addit ce ba revis payment process implement twostep verif process materi mail ocr obtain assur ce implement correct action list
## [673] employe cover entiti ce massachusett general hospit sent unencrypt email incorrect email address email contain protect health inform phi individu type phi involv breach includ name date birth medic record number sand social secur number follow breach ce sanction employe question chang polici use secur storag applic instead email send phi ocr obtain assur ce implement correct action list
## [674] georgia depart human servic cover entiti ce discov june employe email password protect spreadsheet contain protect health inform phi three recipi contractor ce research purpos contractor consid busi associ ce ce investig determin spreadsheet contain phi individu includ full name general geograph area resid intern identif number date recent medic assess diagnos associ assess ce obtain assur recipi version spreadsheet correspond email chain delet access anyon els ce time breach notif hhs affect individu media respons breach ce retrain workforc revis polici procedur improv train program implement addit clearanc approv requir share data ocr obtain assur ce implement correct action list
## [675] NA
## [676] unencrypt passwordprotect laptop comput stolen resid physician’ car laptop contain electron protect health inform ephi approxim individu includ patients’ name date birth medic procedur date medic lab result admiss discharg date treat physicians’ name treatment plan cover entiti ce univers oklahoma provid breach notif hhs affect individu media also offer ident protect servic affect individu post substitut notic websit follow breach ce retrain resid physician encrypt polici procedur counsel sanction involv resid result ocr’ investig ce develop polici encrypt laptop firstyear resid also institut requir firstyear resid disclos laptop tablet smartphon use ce’ busi ensur encrypt ce’ repres
## [677] cover entiti ce orlando health discov audit may employe access protect health inform phi outsid scope employ phi contain name date birth clinic record individu ce provid breach notif hhs affect individu media post substitut notic respons breach ce retrain employe addit ce offer credit monitor affect individu ocr obtain assur ce implement correct action list addit employe involv incid termin
## [678] employe cover entiti ce upmc health plan inadvert sent unsecur email protect health inform phi incorrect thirdparti email address breach includ electron phi individu includ name date birth member identif number phone number type insur member primari care provid ce provid breach notif hhs affect individu media follow breach ce retrain staff member ocr review upmc health plan’ risk analysi ensur complianc secur rule obtain assur ce implement correct action list
## [679] cover entiti ce meritus medic center report audit reveal vendors’ employe walgreen pharmaci access protect health inform phi approxim patient without busi need type phi potenti access includ demograph inform name date birth medic record number instanc health insur inform medicar identif number well clinic inform ce confirm termin employee’ access electron health record ehr escort employe meritus campus ce provid breach notif hhs media affect individu offer credit monitor ce implement new system implement technic measur vendor’ employees’ access limit separ system interfac ehr pull limit patient inform specif relat patient receiv walgreens’ servic ocr obtain assur ce implement correct action list
## [680] cvs health store cover entiti ce loot burn riot activ occur citi baltimor maryland comput contain electron protect health inform ephi stolen individu affect incid specif type phi stolen comput includ patients’ first last name partial date birth address medic name medic dosag prescript number cvs health provid ocr assur individu affect breach media notifi accord breach notif rule individu affect breach given year free credit monitor ce
## [681] ocr open investig cover entiti ce episcop health servic inc dba st john’ episcop hospit report busi associ ba employe sold patient data unknown person protect health inform phi includ patients’ name address date birth gender email address social secur number account number date servic medic insur inform diagnos bill code reason treatment ba zotec partner llc dba medic manag llc also file separ breach report result breach ba transit improv bill system offer secur control implement softwar track monitor access user activ mask social secur number employe whose job duti requir full access addit ba conduct updat train privaci secur rule standard employe ocr obtain assur case ba implement correct action note also open separ investig ba
## [682] NA
## [683] januari april physician employ cover entiti ce central brooklyn medic group pc impermiss disclos protect health inform phi approxim patient former medic assist via facsimil multipl occas one occas physician accident transpos digit intend facsimil number disclos phi patient unrel third parti type phi involv breach includ patients’ name age sex appoint date time reason visit treat physician’ name medic condit ce sent breach notif letter patient schedul see physician year prior breach ce identifi specif patient affect howev like within group ce also provid breach notif hhs media upon discoveri breach ce confirm destruct phi possess unrel third parti medic assist sanction physician ce also retrain workforc member regard hipaa complianc includ ce’ polici regard communic via facsimil ocr obtain assur ce implement correct action list addit ce report physician state offic profession medic conduct
## [684] NA
## [685] june st martin parish school base health center report breach one clinic cecilia school base health center csbhs cover entiti ce experienc breach protect health inform phi affect individu four desktop comput one laptop wireless router sever printer stolen offic breakin april type phi involv breach includ name address date birth social secur number diagnos procedur code ce provid breach notif hhs affect individu media result incid ce conduct postincid risk analysi direct staff chang updat password ce also remot disabl login capabl comput ce improv physic secur csbhs facil addit ce state data store local comput ocr obtain assur ce implement correct action list
## [686] five passwordprotect unencrypt laptop comput stolen global care deliveri busi associ ba cover entiti ce north shore lij health system septemb laptop contain protect health inform phi individu includ name date birth insur identif number contain social secur number diagnos andor treatment code relat claim ba notifi polic time incid notifi ce may ba retain knoll inc assist individu notif provid call center servic answer question individu impact breach breach notif provid hhs affect individu ba offer complimentari oneyear ident theft protect servic busi relationship ce ba end effect may ba close busi
## [687] april two unencrypt tablet comput smartphon backpack contain paper files— stolen two compani vehicl cover entiti ce nation seat mobil inc breach involv protect health inform phi individu includ demograph clinic financi inform ce provid breach notif hhs affect individu media post substitut notic websit respons breach ce revis polici procedur encrypt desktop laptop tablet comput employ remot wipe track technolog ocr obtain assur ce implement correct action list
## [688] NA
## [689] implant dentur dental inc cover entiti ce report june comput server remov facil without consent ce report work law enforc investig incid server contain electron protect health inform ephi approxim individu type ephi involv incid includ digit xray demograph financi clinic inform follow remov server ces employe unabl access practic manag softwar respons incid ce report adopt encrypt technolog chang password strengthen password requir addit ce revis busi associ ba contract remov server relat complic ba arrang ce also report implement new technic safeguard improv physic secur perform risk assess provid workforc member busi associ addit hipaa train follow ocr’ investig incid ce report close busi ocr independ confirm ce longer open busi
## [690] march breakin occur tacoma washington branch offic numot cover entiti ce item stolen includ five laptop comput access servic work order quot labor guid deliveri checklist breach affect individu protect health inform phi includ name address phone number serial number custom equip document may also contain date birth insur polici number diagnosi code stolen laptop requir password obtain access inform ce provid breach notif hhs affect individu media also offer affect custom one year free credit monitor ce abl success wipe data two comput via remot access result investig ce updat password polici complet full disk encrypt comput hard drive locat ocr provid technic assist ce conduct compliant secur rule risk analysi
## [691] may cover entiti ce blue shield california discov sever author user log account abl access protect health inform phi individu affili line busi due faulti updat restrict web portal phi individu affect includ name address birthdat social secur number identifi ce provid breach notif hhs affect individu media respons breach ce disabl portal deploy patch code correct problem improv code test process ce also sanction develop fail follow code merg process ocr review ce’ hipaa notic privaci practic polici relev breach investig obtain assur ce implement correct action list
## [692] april riot broke baltimor md cover entiti ce keyston pharmaci broken vandal loot multipl prescript stock bottl narcot taken prescript bag contain patient name medic stolen type protect health inform phi contain prescript includ name address prescript inform ce provid breach notif hhs affect individu media offer credit monitor locat immedi secur ce instal new front door upgrad secur system ocr obtain assur ce implement correct action list
## [693] employe cover entiti ce truman medic center found list patient internet list contain name address intern identif number ces patient ce determin list post file transfer protocol ftp site public relat depart mail list use notifi patient clinic move new locat list avail internet septemb march ce provid breach notif hhs affect individu media provid substitut notic websit follow breach ce immedi remov delet patient list ftp site review inform post site ce improv safeguard enabl public relat employe send encrypt email provid instruct use secur email ce also requir addit train workforc member public relat depart ocr obtain written assur ce implement correct action list
## [694] NA
## [695] april two paper binder contain protect health inform phi individu stolen one cover entity’ ce facil along sever item contain phi type phi involv breach financi inform ce file formal polic report polic identifi two potenti suspect ce provid breach notif hhs affect individu media offer credit monitor individu affect follow breach ce improv physic secur facil lock file cabinet contain phi updat secur procedur employees’ access premis also convert payment system paperless electron system implement encrypt requir inform store share drive ce also train employe chang secur polici procedur ocr obtain assur ce implement correct action list
## [696] safe contain two unencrypt comput flash drive two unencrypt hard drive went miss administr build cover entiti ce lancast counti em protect health inform phi store miss hard drive flash drive includ patient name address date birth social secur number medic medic histori medic treatment healthcar insur inform individu ce provid breach notif hhs affect individu media respons breach ce implement univers control ensur ces devic can connect network ce also implement secur control physic safeguard restrict access server room addit ce implement video secur system monitor server room ocr obtain assur ce implement correct action list
## [697] april laptop comput belong busi associ ba gallant risk insur servic inc stolen due offic breakin breach affect individuals’ protect health inform phi includ combin individuals’ name address date birth social secur number group polici number insur identif number ba report incid local law enforc affect cover entiti respons ocr’ investig ba ensur proper breach notif provid increas physic secur increas technic safeguard electron phi util addit encrypt adopt hipaa polici procedur ocr obtain document assur ba implement correct step
## [698] april rioter baltimor md broke vandal loot eight locat cover entiti ce rite aid take fill prescript “willcall” prescript involv breach contain patients’ name address medic name ce provid breach notif hhs media affect individu offer credit monitor vandal locat except one burn reopen full secur restor ocr obtain assur ce implement correct action list
## [699] person laptop belong oregon health coop employe stolen unattend lock car laptop unencrypt contain electron protect health inform ephi approxim individu ephi involv breach demograph inform includ name address social secur number date birth health plan identif number health plan number follow breach cover entiti ce sanction employe implement addit technic safeguard prevent download ephi onto person electron devic train employe technic safeguard ocr provid ce technic assist regard risk analysi risk manag implement
## [700] NA
## [701] cover entiti ce buffalo heart group report breach staff physician provid password third parti remot access cover entity’ electron medic record emr breach result disclosur individuals’ electron protect health inform ephi ephi includ name date birth address demograph clinic inform ce provid breach notif hhs affect individu media ocr conduct investig result substanti technic assist ce expect conduct risk analysi address potenti risk vulner entir oper correspond risk mitig activ establish risk manag plan implement secur awar train program includ ongo train implement audit control conduct regular inform system activ review
## [702] NA
## [703] NA
## [704] facil cover entiti ce store medic record sinc sold third parti possess properti given new owner five day unbeknownst ce protect health inform phi involv breach includ clinic demograph financi inform individu upon discoveri breach ce immedi retriev record facil evid record otherwis compromis ce provid breach notif hhs affect individu media ce retrain employe revis polici procedur includ proper storag phi distribut revis polici procedur ocr obtain assur ce implement correct action list
## [705] NA
## [706] april success kid famili employee’ laptop comput stolen vehicl park nonwork hour laptop contain protect health inform phi individu includ clients’ name address date birth social secur number limit treatmentrel inform laptop password protect encrypt cover entiti ce provid breach notif hhs affect individu media post substitut notic websit respons incid ce contract vendor upgrad server provid cloud backup servic encrypt comput review polici procedur implement encrypt polici train staff ocr obtain assur ce implement correct action list
## [707] burglar broke offic cover entiti ce stole paper patient chart unencrypt desktop comput two unencrypt laptop comput one encrypt comput server breach affect approxim individuals’ protect health inform phi includ demograph financi clinic inform ce provid breach notif hhs affect individu media also establish dedic call center answer question relat incid offer free credit monitor affect individu follow breach ce move secur local complet risk analys juli februari ce implement risk mitig plan reflect current work environ updat polici procedur mobil devic enhanc physic secur train workforc member secur awar ocr provid technic assist regard hipaa secur rule obtain assur ce implement correct action list
## [708] april sever file contain electron protect health inform ephi discov comput access public medic librari cover entiti ce alexian brother medic center file includ first last name medic record number medic inform relat patient clinic inform patient approxim individu affect breach ce provid breach notif hhs affect individu media follow breach ce post sign note comput “public computers” save file devic secur comput data save onto virtual desktop hard drive essenti render folder “read ” ce also implement process track user access one public comput ce retrain workforc group involv breach ocr obtain document assur ce implement correct action list
## [709] NA
## [710] cover entity’ ce policyhold erron receiv welcom packet mail contain protect health inform phi individu summari page breach affect individu type phi involv incid includ policyholders’ name coverag appli premium amount whether applic new employe code name repres employees’ depart denial accept insur coverag respons breach ce updat privaci secur procedur includ updat mail process ce instal new printer softwar qualiti assur qa desktop addit machin locat qa lab ce also purchas instal new local printer will allow tester coder confirm packet accuraci ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action list
## [711] NA
## [712] employe cover entity’ ce busi associ ba medic manag llc “mml” disclos demograph inform ce’ patient outsid parti protect health inform phi involv breach includ name date birth social secur number follow breach ce assist ba respond breach notifi affect individu addit ocr review ce’ risk analysi ensur complianc secur rule
## [713] medic manag llc provid bill servic busi associ ba medic facil various state ba agreement place cover entiti ce march ir notifi ba one employe involv ident theft ring employe confess activ termin ba determin employ employe access patient’ record contain protect health inform phi includ demograph inform name date birth social secur number ba notifi ce breach establish call center sent letter potenti affect individu behalf ces offer credit monitor id theft protect sent media notic newspap notifi hhs respons breach ba upgrad improv bill system secur control mask social secur number appropri retrain staff addit ba implement softwar track monitor access user activ monitor staff order identifi abnorm access ocr obtain assur ba implement correct action list
## [714] busi associ ba employe disclos protect health inform phi approxim cover entity’ ce patient outsid parti phi involv breach includ name date birth social secur number follow breach ce termin relationship ba ocr review ce’ risk analysi ensur complianc secur rule
## [715] uniti recoveri group inc uniti share patient inform cover entiti continu substanc abus treatment erron believ practic impermiss disclosur file breach report hhs ocr determin breach occur ocr provid technic assist uniti regard permiss disclosur treatment purpos differ “consent” “authorization” hipaa definit breach protect health inform notif must provid notif requir uniti affili perman close decemb intent resum futur oper legal entiti name
## [716] cover entiti ce ventura counti health care agenc discov backpack contain document patient left elementari school stolen employee’ car file intact type protect health inform phi involv breach includ name balanc owe intern account number ce provid breach notif hhs affect individu media post notic websit respons breach ce sanction workforc member question retrain staff ce also provid ocr addit document specif hipaa notic privaci practic polici relev breach investig addit ce provid ocr written assur provid refresh remind staff member hipaa privaci polici procedur
## [717] march cover entiti ce walgreen pharmaci report discov pharmaci paper log stafford texa miss approxim number individu affect breach protect health inform phi involv breach includ patients’ prescript number first last name date birth address photo identif type number individu pick prescript ce provid breach notif hhs affect individu media follow breach ce retrain pharmaci staff communic import safeguard patient inform ocr obtain document show ce implement correct action list
## [718] NA
## [719] cover entiti ce counti los angel report april execut search warrant home individu employ counti depart health servic dhs lacusc medic center hawkin mental health center hawkin matter unrel counti busi law enforc discov seiz item contain confidenti patient inform approxim hawkin patient treat type protect health inform phi involv breach includ financi demograph clinic inform ce provid breach notif hhs affect individu media follow breach ce sanction involv employe termin employee’ electron inform technolog access well physic access dhs’ system dhs provid inservic hipaa train hawkins’ staff ocr obtain assur ce implement correct action list employe resign follow breach incid
## [720] NA
## [721] NA
## [722] NA
## [723] physician’ assign laptop comput contain electron protect health inform ephi approxim individu stolen type ephi involv breach includ diagnos condit individu cover entiti ce provid breach notif hhs affect individu media follow breach ce updat relev hipaa polici includ encrypt ensur safeguard ephi sanction physician involv ocr obtain assur ce implement correct action list ce also notifi dean director ce’ healthcar compon correct action taken respons incid
## [724] cover entiti ce clinic refer laboratori inc sent parcel massachusett mutual life open damag mail process unit state postal servic usp damag parcel contain protect health inform phi approxim individu includ name partial full social secur number date birth clinic test code ocr receiv two breach report ce involv similar fact pattern breach report case ocr consolid investig one breach complianc review ce investig breach conclud likelihood misus disclosur phi remot sinc usp confirm unmatch page segreg shred ce provid breach notif hhs affect individu notifi appropri author requir jurisdict includ affect individu ce also offer affect individu free twoyear subscript credit monitor servic credit report control follow breach ce appoint new privaci offic requir complet hipaa train verifi workforc receiv hipaarel train ce also implement new breach report procedur initi implement secur onlin portal client obtain phi electron ocr obtain document evidenc ce implement correct action list
## [725] NA
## [726] individu accid sent invoic numer patient cover entiti ce due human error guarantor inform institut account inadvert chang individu patient protect health inform phi involv breach includ demograph financi clinic inform individu ce provid breach notif hhs affect individu media prevent futur similar occurr cover entiti reeduc patient accessregistr staff began revis process institut payer ocr review ce’ relev hipaa polici procedur obtain assur ce implement correct action list
## [727] march cover entiti ce wellmont health system discov one employe dispos handwritten note contain protect inform phi individu local recycl center type phi involv breach includ demograph clinic inform employe voluntarili resign posit ce provid breach notif hhs affect individu media websit respons breach ce retrain workforc emphas import safeguard proper dispos phi addit ce report employe now util laptop mobil devic creat note patient record make paper note virtual nonexist ocr obtain assur ce implement correct action list
## [728] seton famili hospit cover entiti ce experienc two email phish attack attack involv protect health inform phi includ name date birth social secur number treatment inform approxim individu upon discov breach ce took step immedi disabl affect email account ce provid breach notif hhs affect individu media ce improv technic secur retrain staff ocr obtain assur ce implement correct action list
## [729] NA
## [730] march cover entiti ce learn box contain health insur claim form damag feder express fedex hub memphi tennesse protect health inform phi involv breach includ name address date birth gender diagnosi code procedur code insur identif number social secur number individu retain legal counsel ce investig incid determin mani form miss retriev mani miss form possibl ce provid breach notif hhs affect individu media offer one year credit protect affect individu addit ce decreas size batch mail limit potenti size data breach associ lost damag box ocr obtain assur correct action taken
## [731] NA
## [732] cover entiti ce american sleep medicin san diego california report breach individuals’ electron protect health inform ephi result stolen backup comput hard drive hard drive contain name birthdat medic histori physician name studi result ce provid breach notif hhs affect individu media follow breach ce improv physic safeguard conduct new secur analysi revis polici procedur train workforc result ocr’ investig ocr provid technic assist regard hipaa secur rule
## [733] NA
## [734] NA
## [735] cover entiti ce new york state offic mental health report breach workforc member lost passwordprotect unencrypt laptop comput new york citi taxicab ce report laptop contain protect health inform particip certain research studi ce’ nathan s kline institut psychiatr research nki phi consist name phone number age birthdat case code diagnost inform data obtain assessmentstest andor inform note ce notifi hhs media affect individu includ offer one year ident protect servic cost follow breach ce replac devic found complianc current encrypt standard implement network access control devic guarante unencrypt devic devic sourc outsid ce will longer work nki network ce also requir investig submit detail data secur plan institut review board restrict nki research download data specif research databas without prior approv manag ce also sanction workforc member connect breach incid cours investig ocr obtain assur ce implement correct action list addit ocr state expect ce will conduct risk analysi implement correspond remedi plan ensur implement polici procedur relat asset inventori manag access audit control secur storag data loss prevent secur configur control
## [736] st vincent medic group inc cover entiti ce report decemb learn employee’ user name password compromis result phish email attack breach affect approxim individu protect health inform phi involv breach includ name address date birth clinic inform case social secur number ce provid breach notif hhs affect individu media follow breach ce disabl reset password email account respons breach requir employe reset password also deploy softwar scan internet address employees’ email determin malici requir phish train employe ocr obtain document assur ce implement correct action step list
## [737] april ocr receiv breach report cover entiti ce denton counti health depart state februari employe use unencrypt portabl comput save print person document fedexkinko’ mobil drive contain protect health inform phi approxim individu tuberculosi clinic phi includ lab test result demograph inform clinic data base inform gather investig ocr open complianc review regard ces potenti noncompli multipl hipaa standard consolid investig review
## [738] NA
## [739] NA
## [740] cover entiti ce allina health erron mail number letter patient prevent screen result individu receiv letter screen sampl collect kit address label anoth individual’ name two busi associ ba vendor also involv process mail breach affect approxim individu protect health inform phi involv breach includ individuals’ name follow breach ce immedi ceas mail prevent screen kit abl complet investig determin root caus breach includ review busi associate’ practic regard mail screen kit ensur qualiti control process place appropri follow ce also initi implement incid system time effect manag investig patient notif risk mitig ce provid breach notif hhs affect individu media outlet minnesota state senat ce engag outsid vendor mail individu notif establish call center accommod patient inquiri ce also implement new workflow mail process reduc number manual step incorpor addit qualiti check reduc potenti error ensur accuraci mail list ce also retrain employe safeguard phi mail correspond verifi employe receiv train ocr obtain document evidenc ce implement correct action list
## [741] cover entiti ce staff member sent email contain list name email address patient unintend recipi recipi inform ce receiv inform type protect health inform phi involv breach includ patients’ name email address ce provid breach notif hhs affect individu media follow incid intend recipi web design chang email address ce implement encrypt polici retrain workforc member ce provid ocr copi encrypt polici ocr determin compli secur rule
## [742] NA
## [743] NA
## [744] employe arrest onsit suspicion ident theft use electron protect health inform ephi obtain employ cover entiti ce open credit card account anoth individual’ name employe crimin histori identifi ce’ hire process ce provid breach notif hhs affect individu media also cooper subsequ law enforc investig follow breach ce sanction employe termin replac vendor background check potenti employe ce also improv physic secur enhanc technic safeguard ephi form committe formal written polici safeguard ephi enhanc staff train ocr obtain assur ce implement correct action note
## [745] cover entiti ce report breach individuals’ electron protect health inform ephi result workforc member email inform regard log ce’ health care portal without blind copi patient encrypt email action lack thereof left everi patient’ email address expos ce provid breach notif hhs affect individu media follow breach ce improv safeguard chang strengthen password requir disabl patients’ health portal account implement new technic safeguard addit ce requir affect patient reregist onlin portal revis implement new polici procedur ce sanction workforc member involv retrain entir workforc ocr provid technic assist regard hipaa secur rule obtain document assur ce implement correct action list
## [746] NA
## [747] rogu employe cover entity’ ce busi associ ba intermedix dba advanc data process inc improp access disclos account inform individu serv ambul agenc state ce initi notifi none data involv howev februari ce notifi law enforc opalocka florida sheet paper contain account inform regard ce’ servic found person arrest date follow notif ba’ investig confirm known disclosur like disclosur individuals’ protect health inform phi risk disclosur type phi involv breach includ demograph inform social secur number health insur inform ce provid breach notif hhs affect individu media post substitut notic websit ba offer month free credit monitor fraud resolut servic follow breach ba creat inform secur team within complianc depart integr new secur measur bill system develop new user interfac place restrict employe base specif job role ce revis ba agreement ocr also obtain assur ba implement correct measur list
## [748] februari remitt advic report contain health servic financi inform approxim individu rip open us postal offic improp disclos individuals’ protect health inform phi includ patients’ name member number servic render date servic provid inform postal offic rewrap remain page packag deliv busi associ ba cover entiti ce world trade center health program address ce provid breach notif hhs affect individu media notic requir due geograph locat affect individu respons breach ce revis hipaa train program addit nation govern servic ba sent mail behalf ce revis mail process procedur use nontear envelop box futur mail ocr obtain assur ce implement correct action list
## [749] document contain protect health inform phi pih health hospit patient stolen resid doctor’ privat vehicl phi involv breach includ name date birth diagnos primari provid hospit unist assign nurs name cover entiti ce provid breach notif hhs affect individu media respons breach ce sanction retrain doctor respons breach train resid develop new polici prohibit resid take phi offcampus develop signag remind resid new polici ocr obtain written assur breach notif provid correct action taken
## [750] NA
## [751] cover entiti ce cignahealthspr discov januari employe accid mislabel envelop contain health risk assess survey mail patient ce provid breach notif hhs affect individu media respons breach ce creat new procedur mail provid train staff member ocr obtain assur ce implement correct action list
## [752] januari former employe cover entiti ce vha eastern colorado healthcar system purport whistleblow disclos patient waitlist news report breach affect individu type protect health inform phi involv breach includ schedul date last four digit social secur number clinic name possibl patients’ first last name ce provid breach notif affect individu media hhs ce also investig incid mitig effect breach provid affect individu credit monitor inform ocr obtain assur ce implement correct action list
## [753] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis
## [754] encrypt server contain electron protect health inform ephi approxim individu stolen cover entiti ce project vida health center facil thiev bypass lock sensor facil secur system enter window secur steel bar ephi includ patient name date birth social secur number address zip code ce provid breach notif hhs affect individu media notic public provid english spanish follow breach incid ce transit server base system cloud host system ce demonstr immedi act recov data purpos busi continu ce provid document new secur measur implement suffici reduc risk vulner ephi addit ce encrypt data implement access control inform system ocr obtain assur ce implement correct action list
## [755] entiti cover hipaa
## [756] NA
## [757] NA
## [758] cover entiti ce pediatr associ discov binder contain paper log patient record releas miss januari search investig ce determin like binder unintent discard type protect health inform phi contain log includ patient name intern chart number recipi releas explan record releas ie “parent requested” ce provid breach notif hhs affect individu media respons breach ce chang procedur requir record releas log electron ce archiv shred paper record releas log ocr obtain assur ce implement correct action list
## [759] NA
## [760] NA
## [761] busi associ ba iron mountain discov five box archiv paper record store cover entiti ce life care center attleboro unaccount lost cours investig ba locat two miss box thus loss affect protect health inform phi approxim individu record includ demograph financi clinic inform ocr obtain evid time notif breach individu media hhs review ba agreement iron mountain
## [762] cover entiti ce mt sinai discov employe print paper face sheet excess job duti illicit purpos face sheet contain demograph clinic inform individu ce provid breach notif hhs affect individu media respons breach ce alter polici limit user allow print face sheet addit ce retrain workforc dissemin educ materi ocr obtain assur ce implement correct action list ce also termin employ involv employe
## [763] law enforc discov paper record belong cover entiti ce florida hospit cours investig intern investig reveal two employe access print record excess job duti protect health inform phi involv breach includ demograph data includ social secur number clinic inform health insur inform affect individu ce provid breach notif hhs affect individu media post notic websit respons breach ce retrain staff began process mask social secur number elimin need print facesheet ocr obtain assur ce implement correct action list ce also termin employe involv breach
## [764] februari cover entiti ce learn one facil unabl locat binder contain pointofcar test result miss binder never found binder contain protect health inform approxim individu type protect health inform involv breach includ name date servic test type test result possibl date birth ce provid breach notif hhs affect individu media follow breach ce retrain staff implement new qualiti control log instruct medic practic store inform electron medic record ocr obtain assur ce implement correct action list
## [765] cover entiti ce kane hall barri neurolog report januari unencrypt laptop comput contain protect health inform phi patient stolen workforc member’ car phi includ patient name address date birth diagnos condit medic result breach ce improv technic safeguard laptop comput softwar devic contain phi ensur encrypt password protect addit ce implement new polici train workforc member requir hipaa ce provid breach notif hhs affect individu media also offer one year free ident theft protect affect individu establish toll free breach helplin ocr obtain assur ce implement correct action list
## [766] NA
## [767] februari cover entiti ce advantag consolid llc report access credenti one user wrong acquir use malici softwar instal user comput intrus detect ces intrus detect system breach affect ephi name address dob ssns individu ce provid breach notif hhs affect individu media follow breach ce updat risk analysi risk manag plan enhanc electron technic secur ocr obtain assur ce implement correct action note
## [768] ocr open investig cover entiti ce blue cross blue shield michigan report protect health inform phi patient stolen purpos ident fraud type phi disclos includ name age gender date birth contract number group name number social secur number ce provid breach notif hhs media affect individu follow breach ce improv safeguard mask social secur number remov members’ date birth limit search result record instal new print devic requir employe scan code badg print ocr obtain assur ce implement correct action list
## [769] NA
## [770] sacr heart health system inc’ busi associ ba st vincent health inc third parti bill vendor subject email phish attack result exposur protect health inform individu case consolid investig ba
## [771] cover entity’ ce databas hack held outsid malwar virus comput server’ hard drive contain unencrypt password protect health inform phi approxim individu electron phi ephi contain name address telephon number date birth insur identif number diagnosi code sinc malwar virus discov ce confirm noth copi remov comput just lock ce destroy hard drive access hard drive possibl ce provid breach notif hhs affect individu post notic websit addit ce retrain workforc member institut requir quarter employe privaci secur awar train ce improv safeguard chang password follow ocr’ investig ce improv safeguard chang antivirus softwar encrypt inform save hard drive move ephi cloud base system revis procedur requir week comput virus scan month audit report also chang vendor requir hipaa train final ocr review ce’ comprehens risk analysi plan
## [772] NA
## [773] NA
## [774] selfstorag facil holli new york auction content unit rent cover entiti ce contain medic record individu ultim mani record left unattend home depot park lot jamaica new york protect health inform phi involv breach includ name date birth address social secur number diagnos condit lab result treatment inform follow breach ce provid breach notif hhs affect individu media provid credit ident theft servic individu cost ce also end practic store patient file outsid offic implement polici procedur prohibit busi associ access phi busi associ agreement place ocr obtain assur ce implement correct action list addit new york attorney general ce agre enter assur discontinu requir ce take addit correct action
## [775] physician former affili busi associ univers california san francisco ucsf remov patients’ electron protect health inform ephi cover entiti ce san francisco general hospit trauma center without author ce estim approxim individu affect breach type ephi affect includ patients’ name surgic note consult note radiolog film ce provid breach notif affect individu media hhs respons breach ce implement new hipaa privaci secur polici procedur includ newupd secur rule risk manag plan secur risk analysi new technolog safeguard period technic nontechn evalu train retain workforc member ocr obtain assur ce implement correct action note
## [776] NA
## [777] februari cover entiti ce valley communiti healthcar discov laptop comput connect ekgecg machin miss never recov password protect unencrypt laptop contain demograph inform individu ce provid breach notif hhs affect individu media result ocr’ investig ce evalu threat vulner electron protect health inform addit ce implement encrypt pursuant secur rule increas frequenc email remind employe chang password ocr obtain assur ce implement correct action note
## [778] ocr open investig cover entiti ce sharon j jone report breach patients’ protect health inform phi offic burglar januari ce immedi report incid local law enforc compromis phi includ combin first last name date birth address telephon number social secur number medic insur inform medic record last four digit credit card number ce provid breach notif hhs affect individu media provid affect individu complimentari ident theft protect one year follow breach ce improv safeguard paper phi especi second burglari march result anoth breach ocr investig separ ce secur new offic leas move oper secur build locat draft facil secur plan implement physic secur enhanc util interior lock instal alarm camera shred unnecessari paper document ce also updat polici procedur provid addit train workforc member ocr obtain assur ce implement correct action list
## [779] intrud enter administr offic cover entiti ce window noth stolen howev protect health inform phi individu store offic phi involv breach includ name medic inform medic insur inform address phone number email address ce provid breach notif hhs affect individu media follow breach ce move administr offic anoth locat improv physic safeguard addit ce instruct staff procedur secur store phi ocr obtain assur ce implement correct action list
## [780] decemb cover entiti ce st mary’ health discov phish email attack compromis sever employees’ user name password breach affect approxim individu type protect health inform phi involv breach includ patients’ name address date birth clinic inform instanc social secur number ce provid breach notif hhs affect individu media follow breach ce deploy program assist user identifi phish malwar attack ocr obtain document assur ce implement correct action list
## [781] cover entiti ce clinic refer laboratori inc sent parcel damag open mail process unit state postal servic usp protect health inform phi involv breach includ name date servic partial social secur number lab test type approxim individu ce provid breach notif hhs affect individu media sinc multipl breach report receiv involv ce fact pattern investig consolid one investig
## [782] NA
## [783] NA
## [784] decemb cover entiti ce advanc rehabilit consult ltd discov port one server public access internet allow autom botnet attack server intern investig reveal one spreadsheet access way know spreadsheet view spreadsheet contain patient name diagnos date visit account type therapistsphysician name patient respons breach ce conduct secur risk analysi improv defici area detail risk manag plan ce provid breach notif hhs affect individu ocr provid technic assist regard media notif notif made ocr obtain assur ce implement correct action list
## [785] februari cover entiti ce amedisi inc discov encrypt comput laptop unaccount access former employe left termin ce januari decemb devic contain electron protect health inform ephi approxim effect individu type ephi involv incid includ name date birth address social secur number demograph inform diagnosi lab result medic treatment inform claim inform ce provid breach notif hhs individu media result incid ce implement enhanc termin polici devic recoveri process ce also implement softwar provid offlin devic freez polici complet freez devic connect ce’ network period time ocr provid technic assist ce regard conduct risk analysi requir identifi assess potenti risk vulner ephi ce hire third parti vendor complet enterprisewid risk analysi will provid ocr upon complet
## [786] NA
## [787] cover entiti ce report breach individuals’ electron protect health inform ephi result offic burglari januari stolen server contain name address date birth telephon number social secur number insur inform medic inform bill inform ce provid ocr evid respond secur incid undertook step prevent risk futur secur incid implement physic technic secur safeguard updat secur analysi train entir workforc ocr provid technic assist regard hipaa secur rule
## [788] cover entiti ce st vincent health mismail letter close practic affect approxim individu type protect health inform phi involv breach includ patient name address case inform regard upcom appoint follow breach ce execut busi associ agreement new vender market mail initi util new softwar market initi provid addit account control addit ce ad verif step mail process ce provid breach notif hhs affect individu media ocr obtain assur ce implement correct action note
## [789] one unencrypt laptop comput stolen busi hour offic dr robert mark turner process updat encrypt comput file stolen laptop contain electron protect health inform ephi individu includ name address date birth social secur number driver’ licens number health insur inform record medic treatment cover entiti ce provid breach notif hhs affect individu media provid credit monitor ident theft protect affect individu respons breach ce improv physic safeguard enhanc technic safeguard implement encrypt manag program comput system ocr review ces hipaa risk assess provid technic assist requir element risk analysi risk manag plan
## [790] employe cover entiti ce children’ nation medic center cnms respond phish email believ legitim email individu affect breach involv demograph clinic health insur inform includ limit number social secur number ce provid breach notif hhs affect individu media offer month free ident monitor whose social secur number compromis follow breach ce identifi sourc attack remedi account remov exfiltr softwar implement safeguard increas firewal protect inspect email monitor scan rewrit embed internet address addit ce updat secur polici retrain employe ocr obtain assur ce implement correct action list
## [791] busi associ ba lone star circl care cover entiti ce report breach unsecur protect health inform affect individu breach result backup file inadvert upload ba onto ce’ websit file contain protect health inform patient use websit request appoint prescript refil inquiri ce secur data contain backup file remov page individu use make appoint refil request disabl mobil applic ce also termin busi associ agreement ba market cliqu investig ocr receiv confirm ba longer busi ce provid breach notif hhs media affect individu ocr examin ce’ polici concern administr physic technic safeguard implement ce result investig ocr provid technic assist ce regard risk analysi risk manag plan breach notif individu ce provid ocr document correct action taken
## [792] vandal broke build store paper protect health inform phi cover entiti ce hunt region medic partner type phi involv breach includ patient name address date birth social secur number claim inform patient chart inform approxim individu affect upon discov breach ce file polic report ce provid breach notif hhs affect individu media ce improv physic safeguard retrain staff ocr obtain assur ce implement correct action list
## [793] cover entiti ce pathway hope discov januari former employe email protect health inform phi individu person email account last day employ ce purpos build practic type phi email includ full name referr sourc insur inform general diagnosescondit ie mental healthsubst abus ce provid breach notif hhs affect individu media notic requir ocr provid technic assist ce regard privaci secur breach notif rule respons breach ce counsel workforc member improv train program substanti revis polici procedur hire complianc offic began requir employe sign noncompet nonsolicit confidenti agreement ocr obtain assur ce implement correct action list
## [794] document contain protect health inform phi kaiser permanent patient spill onto highway busi associ ba courier corpor hawaii transport cover entity’ ce document storag mani document retriev road type phi involv breach includ name address date birth driver’ licens inform social secur number identifi ce provid breach notif hhs affect individu media provid affect individu free credit monitor prevent similar breach happen futur ce ba retrain staff hipaa requir revis polici procedur sanction workforc member includ termin ce ba also took step mitig harm result ocr’ investig ocr obtain assur notif correct action list complet
## [795] around octob paper account receiv report went miss cover entity’ ce bill offic report contain protect health inform phi individu includ patients’ intern identif number name clinic visit amount owe ce provid breach notif hhs affect individu media set toll free number answer line email contact respons incid ce conduct intern investig also contact law enforc ask investig result investig ce enhanc physic secur bill offic provid lock file cabinet restrict access offic addit ce retrain staff updat role respons hipaa offic review hipaa polici procedur part investig ocr obtain review ce’ relev hipaa polici procedur document staff train
## [796] februari artuo d toma md ltds offic cover entiti ce discov packag contain protect health inform phi approxim individu lost process shipment bill compani us postal servic usp phi includ individuals’ name address phone number date birth refer physician name medic record number diagnos clinic inform ce provid notif breach affect individu hhs media ce also file claim usp regard miss packag follow breach ce implement new procedur send phi bill compani requir phi transmit either electron secur encrypt portal thirdparti mail servic track capabl addit ce develop polici procedur regard complianc breach notif rule ocr obtain assur ce implement correct action list
## [797] NA
## [798] octob cover entiti ce mistaken dispos binder contain protect health inform phi ce’ archiv prescript dispens log waiv lab test log left unlock closet busi hour custodian mistaken put trash dumpster follow morn dumpster empti trash collector took buri garbag landfil day phi involv incid includ name date birth lab result medic approxim individu ce file breach report determin incid nonreport breach base fourpart breach assess low probabl phi binder compromis ce state breach file ocr untim made error ce conduct investig retrain staff regard hipaa polici procedur complet onsit hipaa complianc audit implement new polici address bulk trash remov health center ocr obtain written assur voluntari action ce list taken
## [799] local merchant sent packag shred document contain protect health inform phi cover entiti ce south sunflow counti hospit use pack materi phi includ date servic providers’ name diagnos patients’ name social secur number date birth individu ce retriev remain shred document store lock room limit access ce provid breach notif hhs affect individu media ce investig modifi polici procedur contract document shred compani destroy hospit paper wast contain phi initi process convert health record electron format result investig ocr review ce’ hipaa polici procedur
## [800] decemb boston baskin cancer foundat employee’ laptop comput extern hard drive stolen extern hard drive contain electron protect health inform ephi individu includ patient name date birth social secur number address phone number clinic medic record number first last date seen clinic investig conclud ephi copi store unencrypt extern hard cover entiti ce provid breach notif hhs affect individu media offer affect individu complimentari credit monitor respons breach ce deploy softwar prevent download unencrypt document comput portabl media ce implement polici requir employe creat passcod mobil devic ce also revis risk manag polici establish procedur remov hardwar electron media contain ephi breach ce retrain staff physician hipaa polici ocr obtain assur ce implement correct action list
## [801] NA
## [802] cover entiti ce north dalla urogynecolog report theft sever item four unencrypt laptop result breakin incid immedi report polic investig ensu approxim patients’ protect health inform phi affect breach includ patient’ name social secur number date birth lab result ce provid breach notif hhs affect individu media follow breach ce increas secur within offic implement addit physic technic administr safeguard ensur secur electron phi laptop encrypt technolog addit workforc member train retrain concern requir complianc privaci secur breach notif rule ocr obtain assur ce implement correct action list
## [803] NA
## [804] due print error patient receiv appoint remind contain patients’ protect health inform phi phi involv breach includ name medic record number type appoint schedul provid inform approxim individu follow breach addit safeguard implement prevent futur disclosur ocr review cover entity’ polici procedur ensur complianc privaci secur rule
## [805] januari cover entiti ce david e hansen dds ps report password protect comput backup disk encrypt flash drive paper dental patient record stolen breakin ce’ facil media devic contain electron protect health inform ephi approxim individu phi involv breach includ patients’ name diagnos medic clinic inform ce provid breach notif hhs affect individu media ce improv physic secur retrain workforc member ocr obtain assur ce implement correct action note
## [806] cover entiti ce home respiratori care report breach individuals’ electron protect health inform ephi result workforc member email holiday card newslett patient group email without mask recipi address action lack thereof left everi recipi email address expos may includ name well implicit indic individu receiv respiratori treatment ce provid ocr evid respond secur incid undertook step prevent risk futur secur incid implement new mail merg safeguard implement new technic safeguard sanction workforc member involv retrain entir workforc ocr provid technic assist regard hipaa secur rule
## [807] octob routin review workforc members’ use electron protect health inform ephi cover entiti ce california pacif medic center discov workforc member pharmaci depart impermiss access medic record cowork subsequ audit show octob octob workforc member impermiss use medic record total individu ephi access includ patient demograph last four digit social secur number clinic inform diagnos clinic note physician order inform laboratori radiolog data prescript inform ocr verifi ce appli employe sanction pursuant polici procedur provid breach notif hhs affect individu media retrain employe relev hipaa polici procedur
## [808] alleg hacker gain unauthor access one two hard drive desktop comput cover entiti ce dr ronald d garrettro affect approxim patients’ protect health inform ce report hard drive remov file copi hard drive format caus comput program oper system mani patient record eras dr garrettro longer cover entiti
## [809] NA
## [810] ocr open investig cover entiti ce rainier surgic inc report file drawer explan benefit contain protect health inform phi individu stolen warehous phi includ name address date birth health insur inform explan benefit case credit card number social secur number upon discov breach ce file polic report ce provid substitut notic media notif local greater individu affect ce offer one year free credit monitor servic individu whose social secur number may compromis follow breach ce retrain employe review polici procedur began store phi onsit third parti secur storag vendor ocr confirm ce took action describ
## [811] juli august cover entiti ce nation pain institut distribut outdat comput employe person use without first delet electron protect health inform ephi comput comput contain phi approxim individu includ name address date birth diagnos treatment inform ce provid breach notif hhs affect individu media respons incid ce track comput repossess comput abl locat obtain written acknowledg former employe phi comput use disclos other addit ce improv safeguard encrypt comput upgrad malwar softwar desktop comput improv network email secur improv ident manag autom standard secur devic contain ephi ce also updat hipaa polici procedur includ polici respond secur incid ocr obtain assur ce implement correct action list
## [812] NA
## [813] busi associ ba bluecross blueshield creat mail list member purpos sell medicar advantag market product activ outsid permit ba agreement breach affect individu includ demograph inform cover entiti ce tennesse rural health improv associ provid breach notif member enrol medicar supplement insur plan nonmedicar insur plan well hhs media follow breach ce revis polici implement new technic safeguard improv physic secur addit retrain workforc appropri usag protect health inform phi minimum necessari determin use disclosur phi ocr review ba agreement place ce ba determin met requir hipaa breach notif rule ocr obtain assur ce implement correct action list
## [814] NA
## [815] henri ford health system cover entiti ce report breach occur octob physician lost portabl electron devic “flash” drive physician fail adher ce’ polici mandat use employerissu flash drive padlock breach affect individu protect health inform phi involv breach includ clinic demograph inform follow breach ce provid breach notif affect individu media hhs also sanction employe involv breach base sever noncompli ocr obtain document assur ce implement correct action step ocr provid substanti technic assist ce secur rule’ risk analysi requir ce provid written assur ocr will creat robust asset manag program next month provid document ocr complet enterpris data map asset inventori decemb submit fulli execut copi busi associ agreement baa ocr upon signatur master servic agreement msa statement work sow data map servic vendor chosen review consolid exist investig ce
## [816] NA
## [817] novemb employe cover entiti ce saint loui counti depart health resign posit impermiss email person email account spreadsheet use reconcil bill medic servic provid ces patient type protect health inform phi contain spreadsheet includ name social secur number date servic approxim patient along name medic provid ce provid breach notif hhs affect individu media also file polic report ce termin former employee’ access patient databas retrain employe hipaa polici procedur regard hipaa ocr obtain assur ce implement correct action list
## [818] cover entiti ce veteran health administr discov public face telehealth websit administ one busi associ ba authentid hold corpor potenti impermiss disclos protect health inform phi individu type phi potenti involv breach includ name address birthdat phone number va patient identif number veteran use telehealth system ce provid breach notif individu hhs media also provid credit monitor affect individu ocr verifi ce proper ba agreement place restrict ba’ use disclosur phi requir ba safeguard phi upon discoveri breach ce took step enforc requir ba agreement determin renew agreement identifi ba ce report longer busi identifi ba ocr open separ case review ba’ complianc hipaa secur rule
## [819] cover entiti ce mdinr llc discov novemb inform technolog employe sent unsecur email manufactur repres email attach spreadsheet includ patients’ protect health inform phi phi attach excel spreadsheet includ patients’ name bill account number patients’ report date intern site code address ceaffili facil deliv equip follow breach ce sanction employe caus breach written warn ce confirm practic provid hipaa train new employe within day hire safeguard data provid system access employe base employee’ job titl role ce provid breach notif hhs notic affect individu media notic provid due fewer affect individu one state ocr obtain assur ce implement correct action list
## [820] cover entiti ce murali menon physician skin weight center report novemb employee’ password protect laptop comput extern hard drive contain protect health inform phi individu stolen lock vehicl theft discov within hour polic immedi notifi type phi involv breach includ demograph financi clinic inform includ name address date birth social secur number credit cardbank account number claim inform treatment inform ce provid breach notif hhs media affect individu provid affect individu one year free credit monitor result ocr’ investig ce discontinu use extern hard drive encrypt laptop within day addit ce revis polici regard remov electron devic work site retrain staff provid ocr polici procedur regard administr physic technic safeguard electron phi
## [821] member cover entity’ ce mainten team improp dispos four box paper record contain protect health inform phi approxim individu error cours offic move within build trash collect ce’ trash remov vendor next day transport recycl plant phi involv breach includ name address identif number includ social secur number home phone number physician inform health care plan group number ce abl determin whether someon recycl center may acquir view phi ce independ blue cross provid breach notif hhs media affect individu ce offer member member identif number compromis one year free credit monitor result ocr’ investig ce revis polici procedur trash dispos well mainten dispos provid report ce also sent remind associ regard polici procedur proper handl paper document proper dispos trash document contain phi furthermor ce sanction employe respons incid ce initi plan provid addit staff train hipaa polici procedur trash dispos
## [822] NA
## [823] decemb cover entiti ce merci medic center’ red oncolog clinic report electron protect health inform ephi access internet busi associ ba writetyp inc left ephi websit websit contain ephi approxim individu includ name address medic record number physicians’ name clinic inform diagnos medic lab report treatment inform ce provid breach notif hhs affect individu media ce revis polici procedur ocr obtain assur ce implement correct action note
## [824] person laptop comput belong employe cover entiti ce corval clinic pc stolen employee’ lock automobil stolen laptop contain electron protect health inform ephi individu includ patients’ name address date birth phone number appoint date name treat provid ce provid requir notif breach notif rule follow breach ce sanction involv employe implement network access control softwar restrict employe gain access intern network resourc use person own equip ocr’ investig confirm appropri notif made correct action step taken
## [825] octob employe cover entiti ce pediatr gastroenterolog consult pc discov laptop own ce stolen vehicl laptop passwordprotect unencrypt contain electron protect health inform ephi approxim individu specif contain patients’ first last name date birth date servic medic inform includ medic histori lab test result diagnos medic treatment recommend ce provid breach notif hhs affect individu media follow breach ce implement correct action encrypt employe secur train prevent similar breach occur futur ocr obtain assur ce implement correct action list
## [826] cover entiti ce walgreen mail patient notif letter incorrect third parti letter includ first last name address date birth phone number provid name detail vaccin administ affect approxim individu ce provid breach notif hhs affect individu media place notic websit follow breach ce resolv issu use electron health record ehr factor breach updat data prescrib databas train staff new requir result ocr’ investig walgreen improv safeguard resolv two issu use ehr
## [827] n
## [828] novemb cover entity’ ce presid receiv anonym email threaten releas protect health inform phi hospit clinic patient public unless receiv substanti payment ce threat affect patient visit hospit februari approxim individu ce determin ce’ server hack inform system compromis ocr determin voluntari correct action ce resolv matter nonetheless ce provid breach notif hhs potenti affect individu media offer ident theft protect notifi individu addit ce develop encrypt program network audit program retrain staff newli implement program privaci secur polici ocr obtain document assur ce implement correct action step note
## [829] decemb cover entiti ce district medic group report workforc member use thumb drive work home content thumb drive becam access internet media devic contain electron protect health inform ephi approxim individu phi involv breach includ name address social secur number transact amount clinic inform ce provid breach notif hhs affect individu media ce revis polici procedur retrain workforc member ocr obtain assur ce implement correct action note
## [830] ocr determin breach occur case
## [831] busi associ ba comput program system inc adjust cover entiti ce firewal manner potenti expos protect health inform phi individu internet type phi includ patient name address date birth treatment inform social secur number individu ce sent time breach notif hhs affect individu media ce also post notif breach websit respons breach ce implement addit firewal safeguard procedur began monitor traffic websit began conduct extern vulner scan ocr obtain assur ce implement correct action list
## [832] NA
## [833] employe cover entiti ce florida depart health sent unencrypt email attach contain electron protect health inform ephi patient four physician intend recipi email ephi attach includ patients’ date birth social secur number screen test result diagnos ce provid breach notif hhs affect individu media follow breach ce contact recipi email verifi email delet ephi use disclos respons workforc member submit resign ce’ investig complet ce also review privaci secur polici procedur retrain staff ocr obtain review copi ce’ polici procedur document staff train
## [834] ocr open investig cover entiti ce hear zone report unencrypt laptop comput contain electron protect health inform ephi form demograph inform name date birth clinic inform hear test result stolen clinic breach affect ces patient patient three clinic ce provid audiolog servic pursuant agreement clinic upon discov breach ce file polic report polic recov laptop week later ce provid breach notif hhs affect individu offer affect individu credit monitor servic upon request result ocr’ investig substanti technic assist ce provid breach notif media develop written polici procedur implement secur awar workforc implement encrypt secur measur workstat network contain transmit ephi
## [835] cover entiti ce north big horn hospit report octob discov emerg depart ed logbook contain protect health inform phi lost affect individu logbook contain demograph clinic inform patient seen ed may octob ce provid breach notif hhs affect individu media ocr obtain review ces relev hipaa polici procedur provid technic assist august ce report recent reorgan found report logbook lock offic shelf behind sever binder accord ocr close investig
## [836] NA
## [837] n
## [838] cover entity’ ce print mail sort vendor administep improp stuf mail letter contain enrollees’ name address subscrib identif claim amount servic descript breach affect approxim ce’ enrolle ce provid breach notif hhs media affect individu offer individu free oneyear ident theft protect servic respons incid ce provid evid place busi associ ba respons breach correct action plan requir ba complet document qualiti assur check new implement modif mail project includ administr sign off ongo random audit sampl envelop project ocr obtain assur ce implement correct action list
## [839] burglar stole two laptop comput cover entity’ ce offic one stolen laptop contain protect health inform phi individu includ first last name eyeglass prescript ce provid breach notif hhs affect individu media follow breach ce purchas new laptop password protect automat shutoff featur also retrain staff secur ocr obtain document ce implement correct action took matter
## [840] NA
## [841] n
## [842] employe metro plus health plan inc email two unencrypt file person work email address contain electron protect health inform ephi member health plan includ members’ name address date birth social secur number metro plus health plan cover entiti ce provid breach notif hhs media affect individu includ offer one year credit monitor servic ce also document unauthor disclosur members’ ephi account disclosur purpos follow breach ce conduct intern investig sanction employe ensur ephi delet employee’ person email account remind employe regard prohibit email members’ ephi person email account addit ce expect conduct risk analysi implement correspond risk manag plan requir secur rule
## [843] august assist us attorney contact ce kirkbrid center advis individu arrest florida tri ident theft individu hard copi ce’ daili census report contain patients’ name date birth social secur number affect approxim individu arreste known direct tie ce’ facil convict ident theft ce’ intern investig determin rogu employe stole report ce continu investig hope determin employe respons theft ce provid breach notif hhs media affect individu post notic websit ce also offer affect individu one year free ident theft protect due ocr’ investig ce began use new bill softwar system allow revis daili census report exclud patients’ date birth social secur number furthermor ce revis report distribut process limit distribut report specif unit personnel
## [844] employe cover entiti ce brigham women’ hospit encrypt laptop cell phone stolen arm robberi forc disclos password encrypt key robberi devic contain protect health inform phi individu type phi involv breach includ name medic record number age diagnost inform respons ocr’ investig ce initi new enterpris wide risk analysi
## [845] ocr investig cover entiti ce reevewood eye center ce report breach individuals’ electron protect health inform ephi regard malwar infiltr electron network around august septemb malwar caus among thing system disclos screenshot keystrok outsid ce’ network type ephi involv breach includ patient name social secur number date birth address telephon number date servic insur inform diagnosi code treatment inform medic histori ce inform cooper fbi regard incid respons ocr’ contact matter ce ensur proper breach notif provid clear system malwar took step increas safeguard technic secur measur
## [846] employe cover entity’ ce health care compon depart health human servic email file contain electron protect health inform ephi person webbas email account octob complet work offsit breach affect ephi individu includ demograph financi clinic inform ce provid breach notif individu media hhs follow breach ce sanction involv employe retrain employe also strengthen administr technic physic safeguard ephi analyz risk ephi took step manag risk regard ephi also revis written secur polici procedur ocr obtain assur ce implement correct action note
## [847] n
## [848] ocr investig cover entiti ce loi luu md ce report breach individuals’ protect health inform phi electron phi due lost stolen comput equip compromis lab result around septemb breach affect patients’ name address phone number date birth social secur number medic insur inform andor blood test result ce report incid local law enforc respons ocr’ contact matter ce ensur proper breach notif provid took step prevent risk futur physic theft incid offic ad lock camera alarm increas technic control ephi util encrypt softwar conduct risk assess adopt hipaa polici procedur engag hipaa train ce provid document correct step ocr
## [849] NA
## [850] cover entiti ce visionwork inc mislaid partial encrypt decommiss comput server instor lab annapoli maryland recov server’ hard drive contain unencrypt protect health inform phi approxim individu phi server contain demograph financi clinic inform follow breach ce fulli encrypt server locat replac server ce provid breach notif hhs affect individu media offer one year free credit monitor ce also sent letter state attorney general post inform ce’ websit regard server incid addit ce retrain workforc member institut new train requir privaci secur awar provid refresh train incid manag follow ocr’ investig ce secur server cabl lock test instal maximum secur system encrypt hard drive server addit ce complet companywid server inventori hard drive destruct perform physic audit servers’ box addit ce creat comprehens system dispos plan
## [851] NA
## [852] NA
## [853] n
## [854] n
## [855] employe cover entiti ce sent group email current former patient invit cancer awar event mistaken fail mask recipi email address breach affect protect health inform phi individu expos name implicit indic may receiv cancer treatment ce recal email immedi investig breach ce provid breach notif hhs affect patient media post substitut notic websit ce establish call center answer question patient ce counsel involv employe employee’ supervisor reinforc depart employe instruct regard use group email import keep patients’ email confidenti ce review revis privaci program march septemb includ guidelin secur electron phiemail addit ce confirm use encrypt program ensur secur integr data ocr obtain assur ce implement correct action list
## [856] n
## [857] employe cover entiti ce veteran health administr portland va medic center took home paper list patients’ protect health inform phi work weekend forgot return inform employee’ husband subsequ found list garag six month later list includ name social secur number provid name elig code diagnost clinic demograph inform individu employee’ husband found list return phi sign statement made copi document knew other view list ce retrain employe took list home ce provid breach notif hhs media affect individu offer free credit monitor year ocr’ investig confirm ce took correct action step list provid substitut notif
## [858] octob cover entiti ce burlington northern santa fe group benefit plan report breach workforc member busi trip lost unsecur flash drive contain employees’ protect health inform phi flash drive contain demograph clinic inform individu ce provid breach notif hhs affect individu media follow incid ce sanction workforc member revis polici limit abil employe transfer phi portabl devic instal encrypt softwar retrain staff privaci secur polici ocr obtain assur ce implement correct action list
## [859] encrypt server stolen cover entiti ce multilingu psychotherapi center inc octob result breakin server contain protect health inform phi individu includ patients’ name date birth social secur number address medicaid id number ce provid notic hhs individu whose inform contain stolen server follow incid ce increas physic safeguard modifi polici develop plan train workforc specif regard data secur breach ocr determin ce adequ polici procedur place secur electron inform via encrypt ocr’ guidanc ce provid media notic alter procedur ensur notif perform event breach affect individu
## [860] cover entiti ce tribeca medic center report octob patients’ medic record store ce’ storag shed stolen breach affect potenti patient protect health inform phi includ name address zip code telephon number date birth social secur number health plan inform diagnos medic clinic histori ce provid breach notif hhs affect individu media result ocr’ investig ce ceas store phi storag unit
## [861] former employe mistaken took home basket item includ document contain protect health inform phi patient flag shred document taken elementari school materi store employe home summer phi includ social secur number diagnosi code guardians’ name phone number supervisor recommend concern treatment insur identif code cover entiti ce seven counti servic provid breach notif hhs affect individu media place conspicu notic websit set toll free inform number ce investig breach interview involv individu result ocr’ investig ce develop new hipaa awar train focus protect paper record revis hipaa polici procedur regard dispos document contain phi retrain staff new polici procedur
## [862] n
## [863] NA
## [864] group xray poor qualiti place cover entity’ ce trash contain destruct clean personnel mistook xray regular trash dispos usual manner ce graybil medic center initi immedi search xray alreadi taken landfil breach occur septemb affect patient protect health inform phi contain patients’ name address date birth physicianmed provid inform possibl imag area patients’ bodi ce provid breach notif hhs affect individu media offer credit monitor follow breach ce improv safeguard order lock bin xray destroy order cover phi transport implement procedur requir xray recycl week easili distinguish regular trash ce also retrain workforc hipaa polici ocr obtain assur ce implement correct action list
## [865] NA
## [866] multipl laptop comput contain ekg strip lost stolen unaccount cover entiti ce citi dalla firerescu depart electron protect health inform ephi laptop includ ekg strip addit name address medic histori diagnos date birth social secur number approxim individu upon discov breach ce form breach assess team review address investig find ce provid breach notif hhs affect individu media ce improv physic secur address defici within system ocr obtain assur ce implement correct action list
## [867] employee’ husband also contractor cover entiti ce southwest virginia physician women stole protect health inform phi offic obtain access paper chart record phi involv breach includ clinic inform affect approxim individu ce help virginia state polic retriev phi day stolen ce provid breach notif hhs affect individu media post substitut notif websit follow breach ce transit paper electron chart updat login logoff password polici procedur author user onlin record manag system ce also updat polici regard requir busi associ agreement result ocr’ investig ce complet risk analysi implement new physic secur procedur retrain staff regard chang
## [868] n
## [869] unknown third parti intrud hack server busi associ ba maintain electron health record cover entiti ce penn highland brookvill breach potenti affect protect health inform phi individu includ name date birth social secur number clinic inform ce provid breach notif hhs affect individu media offer affect individu one year credit monitor follow breach ce termin relationship ba ocr initi complianc review ba juli learn longer busi act ba result ocr’ investig ce develop checklist use ensur electron health record system use medic practic acquir ce compli hipaa privaci secur rule ensur proper ba agreement place
## [870] juli septemb busi associ ba mistaken sent postcard cover entity’ ce client contain viewabl protect health inform phi breach phi includ name address refer client’ status public assist client receiv behavior health care servic result breach affect approxim individu ce provid breach notif hhs affect individu media follow breach ce ba ceas use postcard conduct client satisfact oper implement new polici procedur address circumst led breach ce ba also counsel train employe respons approv postcard provid addit privaci train workforc member depart respons approv mail ocr obtain assur ce ba implement correct action note
## [871] n
## [872] n
## [873] n
## [874] cover entiti ce south texa veteran health care system incorrect mail letter anoth veteran’ protect health inform phi print side type phi involv breach includ patients’ name address medic inform ce provid breach notif hhs affect individu media result ocr’ investig ce updat procedur fulfil mail request issu memorandum print shop staff revis procedur form
## [875] n
## [876] n
## [877] n
## [878] n
## [879] thiev took two notebook comput belong cover entiti ce albertina kerr center contain electron protect health inform ephi patient ce report burglari local law enforc neither comput recov comput encrypt certain cach file email unencrypt type ephi involv breach includ name address date birth social secur number phone number medic treatment ce provid breach notif hhs affect individu media post substitut notic websit prevent similar breach happen futur ce enhanc mobil devic secur encrypt improv physic secur facil revis polici procedur retrain workforc member ocr obtain assur ce implement correct action list
## [880] n
## [881] n
## [882] n
## [883] juli two passwordprotect unencrypt laptop comput belong cover entiti ce american famili care stolen employee’ vehicl busi travel laptop contain electron protect health inform ephi individu includ differ type data differ individu patients’ name date visit patient identif number social secur number date birth specif health inform ce provid breach notif hhs affect individu media follow breach ce contact local polic depart conduct intern investig ce also revis hipaa polici procedur retrain workforc encrypt laptop
## [884] ten encrypt laptop comput one extern hard drive contain electron protect health inform ephi approxim individu stolen cover entiti ce compassion care hospic central louisiana laptop contain two report first report list name age admit discharg date locat medic class item relat patient second report contain name patient hard drive contain one file bereav report list name address phone number date death deceas patient ce provid breach notif hhs affect individu media follow breach ce remot wipe stolen laptop addit inventori assess devic equip contain ephi brought complianc ce’ polici includ encrypt requir ocr obtain copi ces current risk analysi risk manag plan evid implement secur measur includ evid secur measur reduc risk comput theft
## [885] august madison street provid network cover entiti ce discov employee’ unencrypt laptop comput stolen lock car laptop contain email contain patients’ name date birth telephon number clinic inform ce determin beach affect individu ce provid breach notif affect individu media hhs follow breach ce encrypt laptop updat revis hipaa polici counsel respons employe ocr provid ce technic assist regard secur manag process accur thorough identifi mitig risk pose receipt mainten transmiss electron protect health inform
## [886] NA
## [887] n
## [888] n
## [889] n
## [890] n
## [891] NA
## [892] march santa fe medic groupatrinea health file chapter bankruptci petit provid ocr document petit circumst santa fe medic groupatrinea health longer cover entiti subject requir hipaa
## [893] n
## [894] around may cover entiti ce aventura hospit medic center discov employe valesco ventur contractor provid staf ancillari servic inappropri access protect health inform phi patient includ demograph inform ce provid breach notif hhs affect individu media also post substitut notic websit ce offer credit monitor ident theft protect affect individu follow breach ce retrain workforc hipaa privaci secur polici procedur addit ce updat audit function captur similar unauthor activ futur ce review access system’ user made chang need also increas approv level anyon can access system ce revis busi associ contract busi partner ce also improv technic safeguard perform new risk analysi creat updat risk manag plan ocr obtain assur ce implement correct action list
## [895] cover entiti ce cedarssinai health system report employee’ unencrypt laptop comput stolen residenti burglari although comput use primarili troubleshoot patholog softwar electron protect health inform ephi approxim individu potenti store temporari file laptop’ hard drive ce termin laptop’ remot access capabl conduct intern investig although ce’ laptop encrypt per polici encrypt laptop disabl helpdesk servic provid provid assist ce provid breach notif hhs affect individu media post notic incid websit ce learn ident theft misus potenti affect inform result incid follow ocr’ investig ce updat polici procedur relat storag transmiss encrypt ephi well enforc employees’ adher polici procedur
## [896] n
## [897] print pharmaci report contain protect health inform phi patients’ prescript disclos acquaint former pharmaci employe sebr florida phi involv breach includ name address prescrib medic approxim individu ce provid breach notif hhs affect individu media ce also contact law enforc reinforc pharmaci staff ce’ hipaa polici procedur pertain appropri use disclosur safeguard phi ocr obtain written assur ce implement correct action list
## [898] n
## [899] n
## [900] cover entiti ce bon secour kentucki discov suspici activ bill softwar user account former employe ce found proper deactiv access put risk demograph clinic inform individu ce provid breach notif hhs affect individu post substitut notic websit media notic perform number affect individu state less respons breach ce revis access monitor polici central access allow procedur ocr obtain assur ce implement correct action list
## [901] result burglari comput two laptop camera stolen cover entiti ce ent partner texa system contain electron protect health inform ephi individu phi involv breach includ various name audiolog test date birth ct scan clinic photograph skin laptop comput password protect ce notifi law enforc soon breakin discov breach notif provid hhs affect individu media substitut notic post ce’ websit ce’ offic follow breach ce chang access password ephi ce’ inform technolog provid initi monitor detect whether stolen laptop connect internet provid may attempt remot eras breach ephi sinc breakin ce improv physic secur ce improv technic safeguard instal remot wipe softwar laptop phone move patient data softwar password protect encrypt server addit ce updat polici procedur prohibit public access ce’ wireless network empti content camera daili follow ocr’ investig ce implement process track secur incid updat electron system
## [902] n
## [903] n
## [904] n
## [905] NA
## [906] cover entiti ce bullock pediatr group llc rent two lock storag unit facil burglar metal shelv box contain protect health inform phi approxim individu strewn floor along document box document contain demograph financi clinic inform includ explan benefit eob form insur compani clear check credit card inform balanc sheet end day report social secur number possibl name address ce provid breach notif hhs affect individu media post notif websit also offer one year free credit monitor follow breach ce move document anoth storag facil improv safeguard addit ce destroy document pursuant state medic record retent law ocr obtain assur ce implement correct action list
## [907] n
## [908] juli memori hermann health system audit program identifi workforc member inappropri access protect health inform phi approxim individu cover entiti ce provid breach notif hhs affect individu media also prompt termin involv workforc member ocr review copi ces polici procedur relat incid inform relat hipaa train program audit protocol place time incid follow incid ce took correct action includ expand audit program hire addit audit staff
## [909] n
## [910] cover entiti ce metropolitan govern nashvill davidson counti public health depart report juli reloc children special servic clinic two small metal file unit hold standard size paper index card patient seen css clinic inadvert tip index card fell file unit index card contain full name address date birth social secur number diagnosi code patient ce provid breach notif hhs affect individu media place conspicu notic websit offer credit monitor ident theft protect affect individu respons incid ce investig interview relev staff contractor’ employe review surveil record result investig ce elimin index card system reevalu process retent use paper record creat implement addit hipaa polici procedur retrain staff ocr obtain assur ce implement correct action list
## [911] n
## [912] n
## [913] n
## [914] NA
## [915] n
## [916] NA
## [917] n
## [918] staff member cover entiti ce oklahoma citi indian clinic sent email recipi erron includ attach contain electron protect health inform ephi individu follow attempt recal messag correct email without attach sent ask recipi delet erron email attach ephi involv breach includ patients’ name chart number email address ce provid breach notif hhs affect individu media provid substitut notic follow breach ce retrain staff encrypt polici addit ce improv safeguard develop polici regard electron transmiss patient inform polici limit identifi patient inform contain electron communic within ce’ network requir password protect electron file includ ephi result ocr’ investig ocr obtain assur correct action list complet
## [919] NA
## [920] NA
## [921] n
## [922] august employe termin caus took emerg depart ed log patient cover entiti ce triciti medic center gave california depart public health dph north counti newspap upon learn theft ce contact dph advis log give local polic depart ce file report theft ce contact local polic depart creat report patients’ electron protect health inform ephi ce provid breach notif hhs affect individu media creat number provid inform affect patient ce improv safeguard reformat ed log requir emerg medic treatment labor act emtala handl electron place ed paper log lockedsecur cabinet convert lock reloc printer fax secur area ce also retriev ed log polic depart retrain entir workforc develop facil polici track checkin checkout facil log ocr obtain written assur ce implement correct action list
## [923] august cover entiti ce univers health report breach professor citi colleg san francisco notifi email secur issu protect health inform phi ea conway medic center contain unsecur server access onlin type phi involv breach includ financi medic inform affect individu ce immedi took server offlin discontinu unauthor access ce provid breach notif hhs affect individu media follow incid ce hire thirdparti compani conduct assess thorough extern penetr test ocr obtain assur ce implement correct action list
## [924] cover entiti ce children merci hospit report protect health inform phi individu store onlin registr system subcontractor onsit health diagnost busi associ ba staywel health manag hack hack inform includ name encrypt password email address physic address phone number gender date birth subcontractorgener password encryptedhash render unus ce provid breach notif hhs affect individu media ce report subcontractor move data affect schedul applic move client new schedul platform complet decommiss vulner platform subcontractor also conduct comprehens secur audit found improp use protect health inform vulner result ocr investig ce provid document substanti action taken
## [925] n
## [926] n
## [927] cover entiti ce state tennesse state insur plan discov june onsit health diagnost subcontractor busi associ ba american healthway servic experienc secur incid unknown sourc gain unauthor access onlin schedul period januari april incid result unauthor access inform tabl contain name date birth address email address phone number gender individu ce ba agreement place ba ce provid breach notif hhs demand ba submit correct action plan make sure problem led breach remedi subcontractor provid breach notif hhs sent individu notif provid media notic subcontractor offer ident protect affect individu transit custom improv schedul system ocr obtain assur ce ce ba subcontractor implement correct action note
## [928] june physician cover entiti ce discov busi associ ba pst servic hire offshor subcontractor gebb repurpos comput server contain protect health inform phi ce’ patient reus server made phi potenti avail internet decemb april phi includ patient name invoic number procedur code charg amount balanc due polici number billingrel status comment date servic respons breach ce ensur server taken offlin phi destroy subcontractor submit document state breach phi destroy ce inform ocr longer work subcontractor ce provid breach notif hhs affect individu media also provid affect individu one year free credit monitor ce initi plan work bas strengthen secur protocol prevent type breach occur futur ocr obtain assur ce ba implement correct action list
## [929] decemb subcontractor physician pc compass health inc williamson medic center’ former busi associ ba unintent made comput server contain protect health inform phi potenti avail access internet phi potenti avail internet includ name date servic charg amount bill code patient ce investig verifi ba subcontractor taken necessari correct step mitig breach specif subject server remov public internet access data provid subcontractor destroy cach page remov addit ce work ba provid breach notif hhs affect individu media also post substitut notic websit addit ce review confirm ba agreement contain provis address subcontractor data secur conduct indepth review risk analysi separ breach investig open ba physician pcin compass health inc ocr review ba agreement breach notif rule polici determin suffici
## [930] n
## [931] n
## [932] cover entiti ce kaiser foundat health plan colorado report juli erron mail letter contain protect health inform phi incorrect recipi affect individu letter contain name anoth program member chronic condit manag program ce provid breach notif hhs affect individu media result ocr investig ce sanction retrain respons employe
## [933] n
## [934] n
## [935] n
## [936] n
## [937] ocr notifi cover entiti diatherix electron protect health inform ephi patient potenti access onlin ce conduct intern investig determin busi associ ba diamond comput compani inc maintain insecur file transfer protocol ftp site contain ephi approxim individu ephi involv breach includ name social secur number date birth address diagnos bill inform well data respons incid ce engag data forens firm determin scope caus breach ce provid breach notif hhs media affect individu offer one year ident theft protect addit ce perform risk assess took step remov cach copi ephi internet revis exist polici ensur vendor enforc appropri secur measur protect ephi result ocr’ investig ocr obtain assur correct action list complet
## [938] n
## [939] n
## [940] cover entiti ce cancer specialist tidewat notifi chesapeak virginia polic depart employe arrest charg take credit card inform patients’ belong offic visit breach report indic individu affect type protect health inform phi involv breach includ demograph financi inform follow ce’ investig electron audit provid breach notif total patient hhs media post substitut notic websit follow breach ce conduct risk assess upgrad breach detect softwar increas audit capabl also conduct employe train ocr obtain written assur ce implement correct action list addit ce termin employ involv employe
## [941] n
## [942] box contain paper prescript record remov backroom cover entity’ ce milton wa locat box contain protect health inform phi approxim individu includ name address date birth ce provid breach notif affect individu hhs media ce offer one year free ident theft protect affect individu follow breach ce improv physic safeguard move remain hard copi prescript record secur area ce contact store region ensur prescript record appropri secur result ocr’ investig ce clarifi phi storag polici store manag washington state implement new secur procedur affect locat ocr provid ce technic assist regard adequ safeguard phi well constitut adequ notic media pursuant breach notif rule
## [943] may unencrypt laptop comput stolen compani closet laptop contain protect health inform phi approxim individu includ name data medic test cover entiti ce provid breach notif hhs affect individu media also notifi polic follow breach ce sanction retrain employe respons secur comput implement new polici procedur improv safeguard phi ocr obtain written assur ce implement correct action list
## [944] n
## [945] anoth provid veronica joann barber od vb copi cover entity’ ce entir data base use electron protect health inform ephi solicit patient practic vb work ce’ offic spaceshar agreement ce termin agreement ce request vb ceas desist use phi agre theft occur decemb affect individu ephi involv breach includ individuals’ name social secur number address driver’ licens date birth identifi credit card bank account number claim inform financi inform diagnos medic condit medic treatment inform ce provid breach notif hhs affect individu follow breach ce instal comput firewal base ocr’ provis technic assist ce notifi media complet risk assess also improv safeguard deni access unlicens person comput system updat polici procedur regard comput user name password ce improv physic safeguard move comput ephi behind foot tall counter
## [946] n
## [947] may passwordprotect unencrypt laptop comput contain protect health inform phi patient stolen cover entity’ ce administr offic breakin phi involv breach includ patients’ name social secur number driver licens number treat physician name insur polici number patient account number servic date diagnosisprocedur inform payment card inform financi account inform possibl address ce provid breach notif hhs media affect individu offer credit monitor ce also contact local polic depart conduct intern investig follow breach ce revis hipaa polici procedur retrain entir workforc polici procedur ce also improv facil access safeguard encrypt comput ocr obtain assur ce implement correct action list
## [948] former affili cover entity’ ce former busi associateba mckesson corpor provid special bill servic unintent made record contain patient inform potenti access internet protect health inform phi approxim individu access use specif googl search term decemb april former ba immedi safeguard inform made inaccess internet former ba confirm web server proper remov public internet access confirm former affili data issu destroy contact googl ensur cach page destroy confirm inform access web search former ba also confirm former affili inform avail via comput server issu server ce confirm former ba’ polici relat data secur complianc ce’ data secur requir ce provid breach notif hhs affect individu media offer credit monitor affect individu ocr obtain written assur ce ba implement correct action list
## [949] april cover entiti ce puerto rico health insur administr also known administracion de seguro salud de puerto rico report hhs januari becam awar sometim octob former employe american health medicare’ ahm busi associ ba tripl advantag solut copi beneficiaries’ electron protect health inform ephi onto compact disk took home unknown period time subsequ download onto comput new employ ephi includ enrol inform ce’ beneficiari includ name date birth contract number health insur claim number home address social secur number ahm act ce ba provid breach notif affect individu media result ocr’ investig ce commit conduct risk analysi implement risk manag plan revis polici procedur retrain staff within specifi period
## [950] cover entiti ce sent batch generic letter member inform new communiti base outpati clinic open erron caus anoth member’ full name address appear back side document ce provid breach notif hhs affect individu media also post notic websit prevent similar breach happen futur ce implement qualiti assur check batch mail ocr obtain assur ce implement correct action list
## [951] offic cover entiti ce bay area pain manag associ broken three desktop comput stolen one unencrypt document stolen comput contain name date servic individu respons breach ce improv physic safeguard ad secur alarm system increas secur featur door ce improv technic safeguard implement encrypt file manag program result ocr’ investig ce improv hipaa practic
## [952] bag contain compact disk read memori cdrom stolen vehicl physician associ cover entiti ce cdrom involv breach contain name date birth social secur number medic histori treatment inform approxim individu follow breach ce file polic report provid breach notif affect individu hhs media ce sanction retrain physician whose bag stolen implement organ wide improv complianc privaci secur rule result ocr investig cover entiti post substitut notif breach local paper confirm correct action step taken
## [953] cover entiti ce indian health servic ih rosebud servic unit report may employe left folder record contain protect health inform phi public restroom ihs’ rapid citi hospit hospit meet folder contain record individu includ patient name social secur number ce provid breach notif hhs affect individu media also offer credit monitor ident theft insur affect individu follow breach ce sanction employe ocr obtain written assur ce will implement polici procedur regard breach notif mitig accord technic assist provid ocr pursuant investig
## [954] n
## [955] n
## [956] n
## [957] one laptop two desktop comput contain electron protect health inform ephi patient stolen breakin cover entiti ce haley chiropract clinic machin clinic’ electron health record ehr applic passwordprotect devic encrypt one desktop comput provid access webbas ehr system includ name treatment note address phone number date birth insur inform social secur number stolen laptop contain patients’ name social secur number height weight rang motion data ce file polic report provid breach notif hhs affect individu media post substitut notic websit follow breach ce improv safeguard instal new physic secur alarm video surveil system chang comput password encrypt comput ocr’ review found media notic compli content requir breach notif rule base ocr’ technic assist ce provid compliant notic region media
## [958] health profil care summari correspond cover letter incorrect mail senior member cover entiti ce highmark health physician protect health inform involv breach includ name address telephon number date birth uniqu medic identifi umi gender medic health inform individu ce provid breach notif hhs media affect individu follow breach ce issu new umi member impact incid ce determin process failur employe root caus incorrect mail subsequ termin employe result ocr investig ce institut new qualiti review procedur mail retrain employe privaci practic department polici process procedur ocr obtain detail ces revis polici health profil assur includ minimum necessari inform
## [959] montana depart public health human servic cover entiti ce experienc server hack incid due undetect unpatch applic code vulner allow misus inform system resourc month incid affect million individuals’ demograph clinic andor financi inform upon discoveri ce immedi took affect server offlin report incid state feder law enforc conduct investig assist independ forens firm ce provid breach notif hhs affect individu media also set call center offer credit monitor ident theft servic elig individu ocr confirm ce implement number correct action result incid includ technic enhanc safeguard protect inform system network resourc ocr provid substanti technic assist ce implement altern safeguard polici procedur effect identifi remedi potenti vulner serverhost applic
## [960] june cover entiti ce dj optic suspect former independ contract optometrist creat credenti access electron protect health inform ephi without author inappropri access expos demograph clinic inform individu ce file breach report hhs met requir breach notif rule respons suspect incid ce increas secur access server softwar elimin wireless internet capabl offic strengthen procedur password access ocr review evid subsequ investig comput forens expert reveal inappropri access occur ephi disclos
## [961] n
## [962] NA
## [963] employe cover entiti ce alabama depart public health disclos protect health inform phi approxim individu third parti potenti tax fraud purpos feder law enforc inform ce breach march us district court middl district alabama indict workforc member respons breach crimin activ relat breach longer employ ce follow breach ce implement addit safeguard
## [964] n
## [965] n
## [966] cover entiti ce riversid counti region medic center report around june laptop comput use electromyographi emg machin lost stolen laptop contain patients’ electron protect health inform ephi includ patients’ name medic record number date birth age gender patients’ height weight physicians’ name clinic data studi report ce provid breach notif hhs affect individu media also report incid local law enforc follow breach ce encrypt laptop lock depart nonbusi hour chang emg data transfer process addit ce took step address gap secur manag program safeguard ephi especi two addit lost stolen laptop breach incid occur within six month period ocr investig joint breach ocr obtain assur ce implement correct action note provid technic assist requir hipaa secur rule
## [967] workforc member physic therapist access electron health record system obtain patients’ name address telephon number purpos contact solicit patient join new physic therapi practic cover entiti ce sloan stecker physic therapi pc provid breach notif hhs affect individu media post substitut notic websit also ce provid free credit monitor affect individu follow breach ce retriev patient inform retrain staff result ocr’ investig technic assist ce expect perform enterprisewid risk analysi establish risk manag plan also expect implement mechan record examin activ inform system contain use electron phi addit ce expect implement secur incid polici procedur implement procedur ident verif access electron phi provid train staff newli implement polici procedur
## [968] unencrypt laptop comput contain protect health inform phi stolen colorado neurodiagnostics’ lock offic april affect approxim individu phi laptop includ patients’ name date birth diagnos condit laboratori result medic treatment inform cover entiti ce provid breach notif affect individu media hhs also immedi file polic report implement addit physic safeguard result ocr’ investig technic assist ce conduct risk analysi develop risk manag plan encrypt electron devic contain phi implement addit technic safeguard
## [969] two unencrypt desktop comput one unencrypt laptop comput stolen burglari breach affect individu type protect health inform phi involv includ patients’ name social secur number address date birth medic inform upon learn theft cover entiti ce hire legal firm assist respond notifi individu affect ce provid breach notif hhs affect individu media follow breach ce hire special data secur personnel conduct secur rule risk analysi implement risk mitig plan reflect current work environ addit ce improv safeguard updat polici procedur portablemobil devic encrypt electron equip ce complet secur awar train workforc member ocr obtain document ce implement correct action note provid technic assist regard hipaa secur rule
## [970] n
## [971] n
## [972] individu hack dentrix softwar cover entiti ce lanap implant center pennsylvania david digiallorenzo post patients’ protect health inform phi “bittorrent” websit distribut file internet piratebaycom breach involv phi individu includ name well date birth social secur number individu ce provid breach notif hhs affect individu whose phi compromis media well substitut notif follow breach ce receiv secur updat dentrix result ocr’ investig ce increas safeguard implement secur measur electron system
## [973] n
## [974] n
## [975] n
## [976] thumb drive contain data pertain xray provid februari may believ stolen staff member locker burglari occur june santa rosa memori imag center thumb drive contain inform pertain xray provid redwood region medic group santa rosa memori hospit type electron protect health inform ephi includ breach includ name medic record number date birth gender date time servic bodi part examin name technologist data relat amount radiat produc xray breach affect approxim individu breach resolv part resolut agreement correct action plan st joseph health may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementssjh
## [977] n
## [978] NA
## [979] may staff member sent email approxim patient erron permit see email address recipi cover entiti ce st franci hospit investig incid replac inform technolog depart leadership secur offic counsel employe involv addit ce updat hipaa polici train entir workforc updat polici ce also began upgrad equip better prevent secur incid ce provid breach notif affect individu via email messag sent notif media place conspicu notic websit respons ocr’ provis technic assist ce provid written notif affect individu
## [980] n
## [981] employe cover entiti ce penn state milton s hershey medic center download protect health inform phi onto unsecur flash drive use devic person comput complet work email ce use person email account type phi involv breach includ demograph clinic inform individu ce provid breach notif hhs affect individu media follow breach ce perform risk assess updat encrypt measur ce also remind clinic laboratori staff faculti expect practic pertain safeguard phi provid staff list relev polici concern encrypt electron messag link correspond polici result ocr investig ce submit ocr copi polici regard use person devic email store phi third parti own manag media use approv electron connect system andor servic ocr verifi appropri polici place time incid employe follow polici ocr obtain assur ce implement correct action list
## [982] june cover entiti ce report trust physician work offic four year left prior leav copi patients’ demograph inform includ name social secur number address date birth phone number email insur inform recal date protect health inform phi individu affect breach follow breach ce improv technic safeguard instal firewal secur browser session implement strong authent antivirus softwar logic access control encrypt wireless connect also improv physic secur report revis hipaa privaci secur polici procedur cours investig ocr learn ce longer ce
## [983] n
## [984] employe cover entiti ce salina famili healthcar center sent email contain electron protect health inform ephi third parti part research case studi type phi involv breach includ name date birth address chart number procedur code affect approxim individu ce provid breach notif hhs affect individu media ce respond breach obtain assur email destroy third parti sanction respons employe result ocr’ investig ce updat train staff polici relat email phi use disclosur phi
## [985] unencrypt laptop stolen vehicl employe maschino hudelson associ broker busi associ ba cover entiti ce aetna laptop contain protect health inform phi ces custom type phi involv breach includ name date birth address social secur number account inform ba provid breach notif affect individu media ocr provid technic assist ce regard requir notif hhs ocr verifi ce proper ba agreement place time breach
## [986] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [987] employe cover entiti ce bay park hospit access electron protect health inform ephi individu without necessari busi reason ephi includ name date birth diagnos clinic inform ce provid breach notif hhs affect individu media upon discov breach ce question respons workforc member immedi resign retrain workforc member hipaa polici procedur ocr obtain assur correct action list complet
## [988] jamaica hospit medic center cover entiti ce report breach occur august march result five employe impermiss access protect health inform phi patient seen ce’ emerg depart phi includ patient name address date birth social secur number diagnos insur inform age sex telephon number date admiss five employe disclos phi third parti solicit purpos ce provid breach notif hhs media affect individu post notic websit follow breach ce termin five employe redesign work flow allow greater oversight employe ocr provid technic assist ce correct action need demonstr ce’ complianc ocr obtain assur ce implement correct action list addit ce expect conduct comprehens thorough risk analysi implement correspond remedi plan implement improv process regard inform system activ review inform access manag
## [989] april unencrypt portabl media devic contain electron protect health inform ephi stolen employee’ lock vehicl portabl media devic contain demograph data includ social secur number clinic health insur inform individu ce provid breach notif hhs affect individu media offend employe termin direct result violat ce’ polici prohibit use unencrypt devic store transport phi addit ce reeduc employe polici instruct manag team ensur proper procedur follow ocr obtain assur correct action taken
## [990]
## [991] n
## [992] n
## [993] law enforc investig former employe cover entiti ce central citi concern ident theft notifi ce former employe admit misus approxim employ access center eac clients’ inform person inform involv breach includ name social secur number address date birth identifi data ce’ health care compon ce provid breach notif hhs media client whose inform access former employe well post substitut notic websit also provid year free credit monitor affect individu result incid ce improv safeguard eac databas ce also contract third parti complet secur risk assess locat updat privaci secur polici procedur ocr’ investig confirm appropri notif made correct action step taken
## [994] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [995] four encrypt laptop comput backup system contain electron protect health inform ephi approxim individu stolen result breakin offic cover entiti ce howard l weinstein dpm ce immedi report incid polic investig ensu ephi involv theft encrypt ce determin breach ephi unlik howev ce respond incid though breach occur personnel notifi potenti affect parti mail media notif websit notif also follow procedur file breach notif report hhs ce implement addit physic technic administr safeguard ensur secur ephi addit ce immedi act recoveri plan move data cloud encrypt storag system
## [996] behalf cover entiti ce molina healthcar california partner plan inc busi associ ba subcontractor print mail postcard ce’ former member address generic “resident” contain track number case member’ social secur number approxim individu affect breach ce provid breach notif hhs affect individu media post substitut notif websit also offer affect individu one year free ident theft protect servic result incid ce revis develop hipaa polici procedur better safeguard protect health inform phi mail project also counsel workforc member involv incid pursuant polici ocr obtain assur ce implement correct action list
## [997] ocr open investig cover entiti ce option counsel center ce report may juli employe made photocopi document print document comput system contain patients’ protect health inform phi disclos document attorney type phi involv breach includ various differ individu patients’ name counsel session attend verif intern ce account code charg payment address telephon number date birth health insur account inform account balanc well social secur number upon discoveri breach ce ensur destruct phi possess former employe andor attorney retrain staff ce also implement new safeguard includ restrict number personnel hold key room file cabinet contain phi convert paper bill system electron bill system establish passwordprotect rolebas access right vari level inform ocr obtain assur ce implement correct action list
## [998] cover entiti ce citi henderson discov sever occas januari march busi associ ba broker keyston insur group disclos minimum necessari inform sever health care provid consid possibl partner citi develop cityrun healthcar clinic ba hire assist evalu process determin whether cityoper health clinic reduc health care cost type protect health inform phi involv breach includ demograph inform name insur number address birthdat clinic inform diagnos treatment prescript expens ce provid breach notif hhs affect individu media post substitut notic websit respons incid ce obtain certif delet destruct recipi phi termin agreement ba ce also revis request propos process includ inform potenti brokers’ hipaa train prior hipaa breach respons ocr’ investig ce creat implement privaci polici procedur train staff hipaa polici
## [999] NA
## [1000] n
## [1001] employe cover entiti ce busi associ ba mistaken mail protect health inform phi individu due human error sort data contain excel spreadsheet mail affect individu includ name prescript drug name ba provid breach notif affect individu hhs media result ocr investig ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi ocr obtain assur ba complet correct action note ba also state develop plan improv safeguard implement addit qualiti check control mail
## [1002] medic practic move vendorpati store three box paper medic bill record vendor’ crawl space march march box contain protect health inform phi approxim individu type phi involv breach includ name address date birth social secur number insur inform medic practic bill code diagnos follow breach cover entiti ce read health system interview vendorpati determin disclosur occur ce provid breach notif hhs affect individu offer live patient year free credit monitor ce establish profession staf call
## [1003] cover entiti ce flower hospit inform law enforc februari one employe arrest ce’ paper facesheet found possess intern investig reveal employe may access allow anoth individu access clinic demograph inform individu ce provid breach notif hhs affect individu media respons breach ce implement procedur restrict access paper record improv mainten storag procedur ocr obtain assur ce implement correct action list
## [1004] august us depart health human servic hhs offic civil right ocr midwest region initi review cover entiti ce iowa depart human servic review stem complaint secur breach ce selfreport ocrhq requir cfr § b occur period nine year ce provid breach notif hhs affect individu media prevent similar breach happen futur ce conduct multipl intern investig evidenc perform risk analysi correspond risk manag plan also sanction employe involv breach incid provid train staff polici procedur regard secur awar addit ce implement annual secur control review assess complianc privaci secur breach notif rule implement new hipaa polici procedur ocr obtain copi ces execut busi associ agreement document substanti ces correct action describ
## [1005] n
## [1006] n
## [1007] n
## [1008] n
## [1009] n
## [1010] sorenson communic file breach report behalf captioncal group health plan indic februari march unknown third parti hack captioncal account sorenson’ payrol vendor compromis employmentrel inform gather sorenson employe depend beneficiari andor emerg contact breach affect approxim individu sorenson provid notic hhs affect individu media verifi circumst breach charact breach inform ocr close breach upon determin hack data constitut employ record exclud definit phi
## [1011] group health plan administr email plan particip spreadsheet contain protect health inform phi plan particip includ name date birth social secur number cover entiti ce willi north america inc medic expens benefit plan provid breach notif hhs media affect individu includ offer two year ident theft protect cost affect individu follow breach ce block recipients’ abil forward email delet email recipients’ inbox instruct recipi delet email save forward ce also track instanc recipi forward email prior block obtain assur phi delet copi kept phi use improp purpos ce also instruct workforc member follow new protocol handl phi includ encrypt passwordprotect attach sensit inform prior transmiss possibl open inform secur share drive oppos email ce also sanction administr addit ce adopt hipaa polici procedur relat handl phi updat hipaa train complet assess examin ephi maintain ce maintain transmit ephi ocr obtain assur ce implement correct action list addit ce expect conduct risk analysi implement correspond remedi plan requir secur rule make certain revis plan document compli privaci rule
## [1012] cover entity’ ce subcontractor behalf ce’ busi associ ba inclus research institut sent postcard individu indic receiv servic ce development disabl administr maryland depart health mental hygien ce provid breach notif hhs affect individu media follow breach ce direct subcontractor ceas desist send postcard ocr obtain assur ce implement correct action list
## [1013] n
## [1014] januari cover entiti ce ladi first choic inc learn former employe took misappropri confidenti comput program contain customers’ demograph healthcar inform comput program contain electron protect health inform ephi individu includ name date birth social secur number address identifi code ce provid breach notif hhs affect individu media result breach ce identifi vulner contribut theft retrain staff review safeguard polici intern procedur includ incid report polici perform new risk analysi ocr obtain assur ce implement correct action list ce also creat new secur featur comput system includ encrypt secur back phi store hard drive addit ce file civil action former employe enjoin use phi obtain
## [1015] ocr initi investig cover entiti ce centura health report experienc phish attack employe inadvert respond fraudul email click link provid usernam password employees’ email account may access attack ce detect contain incid less employe receiv phish email compromis email account result breach individuals’ electron protect health inform ephi form demograph name address date birth telephon number social secur number identifi clinic diagnos lab result medic treatment andor financi claim inform ce provid breach notif hhs affect individu media ce also notifi feder bureau investig offer free credit monitor servic individu social secur number financi inform potenti compromis follow breach ce updat risk manag plan includ escal prioriti implement certain previous identifi secur measur retrain employe enhanc annual complianc educ train provid addit content regard phish scam ocr obtain assur ce implement correct action note
## [1016] unencrypt extern hard drive contain electron protect health inform ephi individu stolen workforc member’ vehicl ephi involv breach includ name address date birth email address telephon number dental record medic histori health insur number social secur number cover entiti ce larson dental care llc provid breach notif hhs affect individu media also post notic onlin follow breach ce termin employ respons workforc member also conduct new risk assess implement new secur privaci polici includ devic media control polici retrain staff ce improv safeguard encrypt comput mobil devic contain ephi instal comprehens secur upgrad comput network ocr obtain assur ce implement correct action
## [1017] busi associ ba tri state adjust cover entiti ce vgm homelink commit program error result individu receiv wrong bill statement breach affect approxim individu includ patients’ name address insur inform medic equip provid ce provid breach notif hhs affect individu media place notif breach websit ce requir ba implement new safeguard prevent similar breach occur result ocr’ investig ce ba updat polici procedur breach rule notif
## [1018] n
## [1019] n
## [1020] n
## [1021] cover entiti ce greenwood leflor hospit discov exemploye busi associ ba ce use recycl destroy old xray film stole xray film contain name date birth xray imag patient individual’ employ termin ba prior breach therefor author take possess xray film ce provid breach notif hhs affect individu media also post substitut notic respons breach ce file polic report attempt recov xray film sanction retrain employe involv ce also file civil lawsuit individu took film individu later arrest found guilti petit larceni order pay restitut ce ce provid addit train entir workforc regard ba access breach polici termin busi relationship ba ocr obtain ce’ polici procedur relat cite privaci rule provis well document relat employe train privaci secur rule
## [1022] march cover entiti ce puerto rico health insur administr also known administracion de seguro salud de puerto rico report januari becam awar sometim octob former employe tripl salud’ busi associ ba tripl advantag solut copi beneficiaries’ electron protect health inform ephi onto compact disk took home unspecifi period time subsequ download onto comput new employ ephi includ beneficiari enrol inform includ name date birth contract number health insur claim number home address social secur number ce’ beneficiari ce provid breach notif hhs affect individu media due ocr’ investig ce commit conduct risk analysi implement risk manag plan revis polici procedur retrain staff within specifi period
## [1023] NA
## [1024] employe cover entity’ ce network penetr test team discov protect health inform phi open share network attach storag devic affect individu depart caught problem time indic breach ce immedi secur websit notifi facil delet email ce implement mandatori month train site manag includ discuss site incid
## [1025] april cover entiti ce healthi connect inc report unencrypt mobil comput drive contain patient electron protect health inform ephi lost transit ce anoth ce breach notic ce receiv envelop minus flash drive mail breach affect demograph clinic inform individu ce provid breach notif hhs affect individu media result ocr investig ce conduct comprehens systemwid risk analysi implement risk manag plan enhanc entir electron technic secur system ocr obtain assur ce implement correct action note
## [1026] nurs practition “np” cover entiti ce univers urolog left practic start clinic administr assist ce provid np list patient inform june januari contain name address gender age first last date servic individu ce provid breach notif hhs affect individu media respons breach ce termin administr assistant’ employ sent “ceas desist” letter np ce also ensur list destroy final ce review revis polici retrain workforc ocr obtain assur ce implement correct action list
## [1027] februari two member cover entiti ce blue cross blue shield kansa citi plan report unauthor charg credit card use make payment phone ce ce determin employe violat polici procedur may put financi inform individu risk breach affect member spoke employe regard payment premium ce provid breach notif hhs affect individu media report matter fbi local law enforc ce report background check contractor verif inc vi provid inaccur crimin background check result hire involv employe although employe convict feloni ident theft april prevent similar breach happen futur ce termin contract vi establish relationship new background check vendor ce provid train workforc polici procedur regard hipaa secur ocr obtain document evid demonstr ce implement correct action list ce also end involv employee’ employ
## [1028] n
## [1029] n
## [1030] cover entiti ce clinic refer laboratori inc sent parcel damag open mail process unit state postal servic usp protect health inform phi involv breach includ name date birth partial social secur number lab test type approxim individu resid multipl state ce provid breach notif hhs affect individu sinc multipl breach report receiv involv ce fact pattern investig consolid one investig
## [1031] postal center intern inc subcontractor busi associ ba polici studi inc erron sent mislabel mail individu due technic error breach potenti expos individuals’ name address intern account number month premium amount ba provid breach notif hhs affect individu media respons breach subcontractor implement technic fix print process system ad addit qualiti control mechan prevent reoccurr incid ocr obtain assur cover entiti ce florida healthi kid corpor ba subcontractor implement correct action list
## [1032] n
## [1033] n
## [1034] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [1035] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [1036] cover entiti ce kaiser permanent northern california divis research report breach individuals’ electron protect health inform ephi result malwar softwar infect comput server type ephi involv breach includ name date birth gender address raceethn inform medic record number lab result respons patient provid researchrel question ce provid breach notif hhs affect individu media follow breach ce conduct updat secur analysi revis polici procedur provid train workforc member ocr obtain written assur ce implement correct action note provid technic assist regard hipaa secur rule
## [1037] n
## [1038] februari unknown parti gain unauthor access person email account physician midwest orthopaed rush cover entiti ce disclos protect health inform phi affect approxim individu email contain electron phi includ name physician surgic schedul surgic descript code date instruct ce provid breach notif hhs affect individu media ce also conduct investig determin root caus breach addit ce disabl physician’ gmail account phi sent train physician staff use secur email ce revis email procedur elimin extern email address ces distribut list physician support staff discontinu use outsid email address send receiv phi ocr obtain document assur ce implement correct action list
## [1039] n
## [1040] cover entiti ce medic center plano report busi associ ba relayhealth inadvert sent incorrect mail affect individu ce learn actual number individu affect breach one patient file addendum reflect correct number patient affect breach protect health inform phi involv breach includ individual’ name address account number admiss discharg date payment inform follow breach ba review standard oper procedur entir project manag team modifi mail process also contact affect individu provid contact inform need address concern question refer incid
## [1041] employe cover entiti ce myriad genet laboratori inc email unsecur protect health inform phi person email account mean store inform use carri job function phi affect individu includ patients’ name date birth address physicians’ name genet test result test identif number famili person medic histori famili pedigre inform ce provid breach notif hhs affect individu also post substitut notic breach also provid one year free identifi theft protect servic affect individu follow breach ce revis procedur encrypt email contain phi retrain employe caus breach ocr provid technic assist regard risk analysi risk manag requir secur rule
## [1042] workforc member’ car broken result theft loss two unencrypt flash drive contain protect health inform phi individu type phi involv breach includ name date birth diagnosestreat inform insur inform includ medicar number ce provid breach notif hhs affect individu media provid credit monitor ident theft protect affect individu respons breach ce sanction retrain workforc member involv breach follow ces polici procedur retrain workforc member hipaa secur procedur ce also implement usb encrypt lockdown project enhanc ces technic safeguard ocr’ investig result improv hipaa practic cover entiti
## [1043] numer employe ce respond email phish attack request employee’ email usernam password authent account result number employe direct deposit paycheck divert without notif electron protect health inform ephi store affect email account made access affect email account contain combin ephi individu ephi involv breach includ patients’ demograph clinic health insur inform case social secur number respons incid affect user chang password ce adjust web filter ce improv technic safeguard prevent futur phish attack natur acceler time tabl exist phish educ campaign employe ce provid year free credit monitor ident theft protect servic affect individu ocr’ investig confirm appropri notif made correct action step taken
## [1044] small number employe cover entiti ce jewish hospit respond “phishing” email appear legitim disclos demograph clinic protect health inform phi approxim individu phi involv breach includ name address birthdat diagnos treatment receiv health insur inform social secur number individu respons incid ce secur affect email account arrang forens investig ce evid electron phi employees’ mailbox access otherwis infiltr phish scheme nonetheless sent breach notif letter offer one year free credit monitor ident theft protect servic potenti affect individu also provid breach notif hhs media provid substitut notic follow breach ce deploy antiphish softwar acceler employe phish educ campaign establish quick reaction team proactiv block phish webbas threat enhanc audit log control ocr obtain assur correct action list complet
## [1045] respons insurer’ routin claim request employe provid protect health inform phi necessari complet intend purpos approxim patient affect impermiss disclosur includ patients’ name address social secur number date birth health insur inform payment inform encount identif physicians’ name diagnosi code patients’ employ cover entiti ce susquehanna health provid breach notif hhs affect individu ce also offer one year free ident theft protect credit monitor affect individu follow breach ce immedi ensur recipi phi delet data comput shred hard copi ocr obtain review copi ce’ polici procedur relat issu rais complaint well copi current risk assess result ocr’ investig ce sanction staff member retrain entir depart revis email polici
## [1046] cover entiti ce nova chiropract rehabilit center misplac mobil devic within offic devic contain electron protect health inform ephi approxim patient includ name date birth address ce found evid ephi inappropri use outsid ce’ offic ce provid breach notif hhs affect individu media post substitut notic websit result ocr’ investig ce clear encrypt thumb drive contain ephi ce improv physic safeguard instal new secur alarm system updat polici remov phi offic ocr obtain assur ce execut busi associ agreement email cloud system provid
## [1047] unauthor individu broke cover entiti ce facil stole laptop comput contain electron protect health inform ephi approxim individu includ name credit card number bank account number treatment inform xray imag ce provid breach notif hhs affect individu promin media outlet illinoi follow breach ce report theft local polic depart reloc new facil implement facil secur measur includ secur alarm system also enhanc polici procedur implement privaci secur rule ocr obtain assur ce implement correct action list
## [1048] unencrypt portabl data drive lost pharmaci resid arnold palmer hospit part cover entiti ce drive contain protect health inform phi individu includ name birth weight gestat age admiss discharg date medic record number transfer date miss drive also store person item research studi propos two spreadsheet contain limit inform babi part studi ce provid breach notif hhs media parent affect individu minor substitut notic post ce’ websit ce updat polici procedur data loss prevent system ad control ce retrain resid involv loss data provid addit inform employe medic staff member regard use portabl data devic educ publish articl ocr obtain assur ce implement correct action list
## [1049] sometim juli januari cover entiti ce yellowston boy girl ranch lost resourc notebook oncal staff lewiston offic notebook includ document contain protect health inform phi individu includ clients’ name address date birth school treatment provid communitybas program inform ce provid breach notif hhs affect individu media ce immedi stop store phi oncal resourc book sanction respons personnel result ocr’ investig substanti technic assist ocr ce began develop revis necessari polici procedur govern storag transport handl phi addit ce provid ocr written assur will train staff new polici procedur
## [1050] n
## [1051] march cover entiti ce san francisco general hospit trauma center report eight desktop comput stolen southerland healthcar solut inc ce’ busi associ ba comput contain electron protect health inform ephi individu ephi involv breach includ name address birth date social secur number admiss discharg inform treatment locat diagnosi bill inform ce provid breach notif hhs affect individu media ce train workforc member polici procedur respond report secur incid ocr obtain assur ce implement correct action note
## [1052] n
## [1053] n
## [1054] n
## [1055] n
## [1056] n
## [1057] cover entiti ce qbe hold inc report busi associ ba staywel health manag llc disclos individual’ protect health inform internet phi includ name email address uniqu staywel identif number inform particip well program ba provid breach notif hhs affect individu ba also file separ breach report investig ocr result breach ba implement procedur address data compromis issu includ perform initi analysi risk assess ba implement polici procedur safeguard phi train employe ocr obtain assur ba implement correct action list
## [1058] cover entiti ce mcbroom clinic pa sign busi associ ba agreement tma practic manag group provid oper assessmentaudit part assess ba request ce provid certain health inform patient protect health inform phi includ clinic insurancepay inform patient ce copi phi unencrypt portabl usb flash drive sent ba inform packag januari upon receipt empti packag ba subsequ discard recycl receptacl around februari clinic contract allclear id assist patient notif mitig effort result breach ce institut new procedur extract send phi via portabl media includ encrypt due ocr’ investig ce made awar follow area improv risk analysi staff train polici procedur
## [1059] n
## [1060] januari valley view hospit associ cover entiti ce discov malwar infect comput workstat ce determin infect workstat malwar took screen shot electron protect health inform ephi belong individu malwar store screen shot encrypt file “hidden” workstations’ hard drive screen shot contain name social secur number demograph inform well credit card inform ce provid breach notif hhs affect individu media follow breach ce deploy antivirus softwar clean malwar system ocr’ investig result ce revis procedur safeguard ephi protect malici softwar ocr provid technic assist ce regard secur rule’ risk analysi risk manag requir ocr also obtain assur ce updat risk analysi risk manag plan
## [1061] NA
## [1062] n
## [1063] patients’ medic inform found possess employe work cover entiti detroit medic center harper univers protect health inform phi includ name date birth age gender reason visit approxim individu ce provid breach notif hhs affect individu media offer one year credit protect monitor servic cost affect patient ocr obtain document show ce implement correct action list
## [1064] januari unencrypt desktop comput unencrypt portabl comput drive stolen cover entiti ce univers california san francisco famili medicin center type protect health inform phi involv breach includ name date birth mail address medic record number social secur number health insur identif number affect individu ce provid breach notif hhs affect individu media respons breach ce improv physic safeguard chang disabl usernam password account potenti risk compromis encrypt remain comput affect locat well replac comput ocr obtain assur ce implement correct action note
## [1065] violat employer’ polici workforc member cover entiti ce mission citi communiti network inc sent unsecur email busi associ ba contain protect health inform phi individu phi includ name address date birth insur inform investig ocr determin disclosur ba payment purpos permiss email reach intend ba evid phi impermiss disclos parti ocr provid technic assist ce result ocr’ investig ce initi review improv hipaa practic
## [1066] employe cover entiti ce iowa depart human servic use person email account person onlin storag account person electron devic work purpos februari januari protect health inform phi individu transfer outsid ce’ secur network manner type inform includ name mail address social secur number state id number date birth phi obtain case assess incid inform ce state notifi affect individu media also offer free credit monitor affect individu ocr consolid breach anoth breach involv ce
## [1067] n
## [1068] januari busi associ ba pracman inc two cover entiti ce monarch women’ health monarch punuru jm reddi md inc dr reddi impermiss disclos protect health inform phi ces’ patient ba’ technolog subcontractor mashnet copi store comput file error unsecur server phi includ demograph clinic financi inform includ name account number insur provid procedur diagnos social secur number ssn account balanc affect approxim dr reddy’ patient approxim monarch’ patient ba provid breach notif hhs affect individu media also establish tollfre number websit dedic provid inform regard breach offer one year free credit monitor individu whose ssn potenti expos onlin respons breach ba engag third parti perform risk analysi oper updat privaci secur polici ba ensur data remov unsecur server cach copi link phi remov ocr obtain assur ba implement correct action list addit ba termin relationship subcontractor restructur corpor network
## [1069] n
## [1070] n
## [1071] n
## [1072] n
## [1073] n
## [1074] n
## [1075] n
## [1076] n
## [1077] cover entiti ce care advantag inc experienc breakin satellit offic theft laptop laptop password protect contain electron protect health inform ephi relat inform use web base schedul program breach report indic individu affect upon discov breach ce’ investig reveal actual number affect individu ce provid breach notif hhs affect individu also post notic incid websit follow breach ce assess updat hipaa secur polici conduct employe train result ocr’ investig ocr obtain written assur ce implement correct action step list
## [1078] n
## [1079] NA
## [1080] n
## [1081] staywel health manag busi associ ba multipl cover entiti ce report march januari spreadsheet contain protect health inform phi individu particip well program unintent avail onlin intern administr tool generat report place report public face folder type phi spreadsheet includ participants’ name email address uniqu ba identif number inform particip program ba provid breach notif hhs affect individu media behalf ces affect breach regent univers minnesota missouri consolid health care plan clorox compani group insur plan nissan north america inc qbe hold inc upon discoveri breach ba upgrad platform revis implement polici procedur ocr obtain assur ba implement correct action list step also taken restrict access remov data entir googl bing yahoo search engin separ breach case open affect ces
## [1082] n
## [1083] februari staywel health manag llc busi associ ba cover entiti ce missouri consolid health care plan erron made spreadsheet access via electron link internet spreadsheet includ participants’ complet name email address uniqu intern identif number current status well program inform regard email notif whether particip complet two program survey approxim individu affect breach ba provid breach notif affect individu media ce provid breach notif hhs follow breach ce ensur ba remov spreadsheet public access via internet implement use legaci system order safeguard electron protect health inform ephi transit ce also updat privaci secur polici includ encrypt standard safeguard data process transit rest ocr obtain document assur ce ba implement correct action list
## [1084] st vincent hospit healthcar inc laptop comput connect eeg diagnost system stolen procedur cart locat nurs unit within hospit breach affect approxim individu type protect health inform phi involv breach includ patient name date birth date servic gender physician name type studi ce provid breach notif hhs affect individu media follow breach ce encrypt laptop updat polici procedur relat safeguard mobil devic implement procedur use laptop secur cabl ocr obtain document assur ce implement correct action note
## [1085] cover entiti ce univers california davi medic center report decemb fraudul phish email sent employe email instruct employe go fraudul websit input authent credenti three employe email account impact phish scam email account contain electron protect health inform ephi approxim individu type ephi potenti affect incid includ patient name medic record number limit health inform ce determin low probabl specif email content access event ce provid breach notif hhs affect individu media immedi follow discoveri breach incid ce took step mitig harm includ block access initi ip address delet similar phish email employe account immedi notifi staff pend threat respons incid ce implement new procedur help guard detect report malici softwar ocr obtain assur ce implement correct action describ
## [1086] cover entiti ce mistaken mail protect health inform phi wrong address approxim individu follow comput error busi associ ba phi involv breach includ name address date birth date servic claim inform diagnos ce provid breach notif affect individu hhs media post substitut notic websit prevent similar breach happen futur ce ba improv safeguard updat polici requir multipl review phi mail follow ocr investig ce updat polici procedur relat minimum necessari standard
## [1087] ce inadvert made intern databas contain electron protect health inform ephi individu access internet ephi involv breach includ name date birth social secur number address date servic custom servic note ce immedi remov databas internet secur unauthor disclosur ce provid breach notif affect individu hhs media post substitut notic onlin follow breach ce provid hipaa train staff sanction respons employe ce also took measur reduc vulner identifi recent risk analysi result ocr’
## [1088] cover entiti ce univers miami health system report around june learn iron mountain busi associ ba box contain patients’ protect health inform phi lost transfer new old storageshred vendor box contain mix bill research record patient includ financi clinic inform follow breach ce provid breach notif hhs affect individu media also post substitut notic websit ce offer credit monitor ident theft protect affect individu ce ba review ba’ process transfer pick storag record work togeth revis procedur safeguard archiv phi ce requir ba retrain personnel handl ce’ data retrain workforc hipaa privaci secur polici procedur addit ce hire new hipaa privaci offic revis procedur retain record order avoid send record contain bill inform offsit storag develop new sanction polici specif privaci violat ce also improv technic safeguard implement fair warn system cloudbas secur solut ocr obtain assur ce implement correct action list
## [1089] three laptop comput belong cover entiti ce sim podiatri associates’ stolen offic laptop unencrypt contain electron protect health inform ephi includ patients’ address zip code date birth vascular test result ce provid breach notif hhs affect individu media result ocr’ investig ce instal new lock door alarm secur system central station monitor ce also purchas replac laptop new server addit ce secur laptop cabl lock implement full disk encrypt along antivirus antimalwar softwar ce implement realtim offsit backup ephi ocr specifi expect ce conduct ongo risk analysi implement ongo risk manag plan conduct period vulner scan penetr test implement audit control perform inform system activ review ocr expect ce upgrad encrypt poughkeepsi offic ensur portabl hard drive store secur locat ce also expect provid ongo secur awar train staff
## [1090] cover entiti ce erron sent mail client incorrect address due code error intern databas protect health inform phi contain mail may includ clients’ name address client identif number letter also includ date birth social secur number diagnos financi inform ce provid breach notif hhs affect individu media post substitut notic websit follow breach ce hire firm conduct independ evalu data breach identifi correct root caus incid ce form qualiti improv team increas oversight product ensur qualiti assur process strict follow result ocr’ investig ocr provid technic assist timeli notif incid report obtain assur correct action list complet
## [1091] n
## [1092] manag unencrypt laptop comput stolen back seat employe car laptop contain protect health inform phi individu includ name possibl diagnos prescript name date servic servic locat cover entiti ce improv safeguard encrypt devic employ devic allow local storag ce also revis privaci secur polici retrain employe ocr consolid review complianc review involv corpor entiti anoth stolen unencrypt laptop
## [1093] workissu laptop comput contain clients’ protect health inform ephi stolen employee’ lock car type ephi involv breach includ financi demograph clinic inform cover entity’ ce investig reveal although comput power password protect connect internet time theft email contain respect ephi still access ce provid breach notif hhs affect individu media post substitut notic websit also provid affect individu one free year credit monitor restor tip protect id theft confidenti privaci line call question concern upon learn theft ce launch intern investig hire special data secur counsel assist respond incid retain extern forens expert assist determin scope breach ce improv safeguard review privaci secur polici procedur implement risk mitig plan reflect current work environ encrypt laptop comput updat polici procedur portablemobil devic also retrain workforc member ocr provid technic assist regard hipaa secur rule requir obtain written document ce implement correct action list
## [1094] desktop comput hard drive backup extern hard drive contain electron protect health inform ephi individu stolen offic cover entiti ce dr k min yi ephi extern hard drive includ name address phone number insur identif number social secur number check account inform medic surgic inform diagnosi procedur code date birth ce provid breach notif hhs media affect individu provid credit monitor patient contact privaci concern respons breach ce improv physic safeguard implement revis administr polici encrypt ephi ocr’ investig result ce improv hipaa practic
## [1095] comput server contain record patient cover entiti ce st joseph health system hack power surg electron protect health inform ephi server includ name date birth social secur number medic inform bank account inform address ce provid breach notif hhs affect individu media ce improv administr technic secur develop revis polici procedur address breach ocr obtain assur ce implement correct action list
## [1096] cover entiti ce beeb physician network learn temporari contractor handl electron protect health inform ephi individu previous arrest ident theft ephi includ social secur number driver’ licens number demograph inform although inappropri access identifi ce learn contractor convict count ident theft state pennsylvania work physician practic ce provid substitut notic provid breach notif hhs media ce offer one year free ident theft monitor insur affect individu follow breach ce review polici procedur work electron medic record vendor enhanc report mechan reassess requir staf agenc result ocr’ investig ce revis procedur regard background check newli employ staff
## [1097] n
## [1098] n
## [1099] n
## [1100] n
## [1101] septemb cover entiti ce discov busi associ ba mislabel invit event cancer survivor patient address correct name envelop incorrect individu ba resent invit correct name address letter explain mistak affect individu respons breach ce termin busi relationship ba chang process bulk mail inhous although ce polici place breach clear outlin breach notif requir ce perform media notif breach ocr provid technic assist topic addit ocr obtain assur ce implement correct action list
## [1102] n
## [1103] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [1104] NA
## [1105] archiv protect health inform phi individu locat ce geising bloomsburg hospit acquir geising although copi phi avail evid phi impermiss disclos stolen ocr provid ce inform constitut breach breach notif rule ce post notic websit notifi media patient although indic phi access use disclos ce also retrain staff safeguard proper dispos phi state addit correct step taken reinforc privaci practic new facil
## [1106] n
## [1107] n
## [1108] decemb cover entity’ ce busi partner american medic suppli aam receiv portabl comput drive contain protect health inform phi includ electron copi medic record ce deliv error incid affect approxim individu type phi includ patients’ name address medic diagnos case social secur number although aam access portabl drive subsequ delet data return drive ce ce provid breach notif hhs affect individu result ocr’ investig ce began develop polici procedur relat breach notif train remov hardwar electron media encrypt decrypt phi indic train workforc new polici procedur implement decemb ce’ former parent compani provid written document ce legal dissolv decemb ceas carri busi
## [1109] novemb cover entiti ce health dimens burglar comput server contain protect health inform phi individu stolen server contain fax copi patients’ prescript order ce provid breach notif hhs affect individu media prevent similar breach happen futur ce repair damag build train staff hipaa polici procedur ocr obtain document ce implement correct action list
## [1110] two former employe cover entiti ce sentara healthcar access protect health inform phi outsid normal job duti use inform process fraudul tax return us attorney’ offic investig matter individu receiv prison sentenc breach report indic phi approxim individu involv breach howev ce verifi final count affect individu ce provid breach notif hhs affect individu media ce also offer complimentari credit monitor ident theft protect servic elig individu follow incid ce increas safeguard instal new softwar system help monitor detect inappropri access electron medic record system updat secur polici procedur retrain employe initi step address mitig issu identifi risk analysi ocr obtain assur correct action list complet andor initi describ
## [1111] n
## [1112] busi associ ba alamo consum direct report error web portal secur set allow unauthor access protect health inform phi septemb octob breach affect approxim individu includ name program particip status program spend summari ba provid breach notif hhs affect individu media follow breach ba correct secur set limit access train staff result ocr investig ba enter new ba agreement cover entiti texa depart age disabl servic
## [1113] n
## [1114] NA
## [1115] comput hacker instal malwar intercept electron protect health inform ephi approxim individu use cover entiti ces websit ephi includ name date birth phone number ship bill address email address credit card issuer expir date last digit credit card number account number primari physician diagnos order histori health insur follow breach ce remov malwar affect comput server migrat websit noncompromis
## [1116] cover entiti ce misplac binder contain protect health inform phi approxim individu matern unit phi involv breach includ name date birth medic record number limit clinic inform ce provid breach notif affect individu hhs media prevent similar breach occur futur cover entiti strengthen physic safeguard retrain employe safeguard phi ocr obtain assur correct action list complet
## [1117] NA
## [1118] NA
## [1119] cover entiti ce cook counti health hospit system report novemb part public health project ce anoth academ medic center physician ce sent unencrypt email excel attach collabor outsid ce’ firewal attach contain protect health inform phi individu attach encrypt requir organiz polici type phi involv breach includ demograph inform lab result ce provid breach notif hhs affect individu media ce disciplin employe day suspens implement new email secur program retrain employe staff program ocr obtain document ce implement correct action list
## [1120] virginia premier health plan busi associ ba cover entiti ce virginia depart medic assist servic vadma mail incorrect postcard virginia medicaid member breach includ postcard mail wrong address postcard contain incorrect servic inform inform includ social secur number financi inform ba provid breach notif hhs media affect individu english spanish follow breach ba improv safeguard retrain employe safeguard protect health inform updat procedur mail implement addit qualiti control check ocr obtain assur ba implement correct action list
## [1121] n
## [1122] laptop comput own phressia inc busi associ ba cover entiti ce famili medic group stolen park car phreesia workforc member violat ba’ polici procedur hard drive laptop workforc member’ dropbox account access laptop contain electron protect health inform ephi approxim patient type phi involv breach includ patients’ name address identif number phone number email address date birth social secur number insur identif number follow breach ba sanction respons workforc member retrain workforc member privaci secur polici procedur ce provid breach notif hhs affect individu media respons ocr investig ba updat polici procedur devic media control employe sanction
## [1123] april phoeb putney memori hospit inc cover entiti ce learn law enforc employe phoeb home care phc depart ce improp access patient protect health inform phi intent process fraudul tax return intern investig audit conclud employe access medic record combin paper electron form phi affect individu contain patients’ name date birth social secur number respons breach ce sanction respons employe ce provid breach notif hhs affect individu media also post substitut notic websit ce improv safeguard lock cabinet contain patient file creat secur access hierarchi assur rolebas access phi encrypt laptop comput addit ce remov social secur number referr form remov employe social secur number softwar system ce implement month audit electron medic record system establish annual hipaa inservic train program manag staff ocr obtain assur ce implement correct action list
## [1124] NA
## [1125] n
## [1126] due print error cover entity’ ce busi associ ba revspr inc patient receiv bill statement contain patients’ protect health inform phi breach affect approxim individu type phi involv breach includ name account number balanc owe procedur code procedur descript providers’ name date servic follow breach ce obtain assur ba addit safeguard implement prevent futur disclosur ocr review ce’ polici procedur ensur complianc privaci secur rule
## [1127] cover entiti ce coule medic center report ceemploy physician disclos electron protect health inform ephi wife without author ephi involv breach includ name hospit account number date servic cpt code servic descript approxim individu ce provid breach notif hhs affect individu upon discov breach ce sanction physician requir physician complet comprehens hipaa train requir workforc member complet annual hipaa train result ocr investig ce implement new inform secur polici procedur better safeguard ephi ocr provid ce technic assist regard constitut adequ secur rule risk analysi risk manag plan well constitut adequ notic media pursuant breach notif rule
## [1128] n
## [1129] n
## [1130] januari cover entiti ce colorado depart health care polici financ report breach busi associ ba colorado communiti health allianc novemb temporari employe work ba’ subcontractor aerotek sent list via unencrypt email contain electron protect health inform ephi individu person email account ephi includ patients’ name address date birth medicaid identif number health condit ba detect email audit program ce provid breach notif hhs ba provid breach notif affect individu media post substitut notic incid ba develop implement polici requir email contain ephi encrypt prevent similar incid occur futur train workforc member accord ocr provid substanti technic assist ba implement addit procedur technic safeguard provid written assur will complet enterprisewid risk analysi
## [1131] NA
## [1132] cover entiti ce new mexico oncolog hematolog consult report novemb theft laptop comput albuquerqu offic unencrypt laptop contain protect health inform phi individu includ patient name medic record number date birth address telephon number clinic test result diagnos treatment inform insur inform follow discoveri breach ce strengthen secur program conduct new risk analysi implement addit physic safeguard encrypt mobil devic also revis administr polici retrain staff ce provid breach notif hhs media affect individu ocr obtain assur ce implement correct action note
## [1133] barri univers cover entiti ce discov may laptop infect malwar protect health inform phi individu potenti expos includ name date birth social secur number driver’ licens number bankingcredit card inform medic record number health insur inform diagnos treatment inform due lengthi investig ce perform breach notif oblig outsid day timefram requir breach notif rule ocr provid technic assist ce topic although late ce provid breach notif hhs affect individu media well websit respons breach ce retain complianc consult perform risk assess revis polici procedur improv train program implement addit technic safeguard ocr obtain assur implement correct action list
## [1134] octob florida depart health cover entiti ce notifi law enforc offici orang counti depart health ocdoh employe retriev protect health inform phi ce’ health mainten system hms take pictur comput screen smart phone provid inform third parti file fraudul tax return breach affect individu type phi involv includ patients’ name date birth social secur number respons breach ce sanction two employe updat polici regard access control social secur number implement statewid mask social secur hms involv multiti system access data contain social secur number ce provid breach notif hhs affect individu media post breach notif websit ce provid train new polici procedur throughout ocdoh ocr obtain assur ce implement correct action list
## [1135] n
## [1136] dr jeffrey spiegel’ practic cover entiti ce mistaken sent promot email approxim patient attach includ email address patient ce provid breach notif hhs affect individu media follow breach ce institut new procedur requir two employe proof promot email prior send ocr obtain assur correct action list complet
## [1137] n
## [1138] n
## [1139] case along two companion case involv data lost due damag andor open prioriti mail process transit unit state post offic case potenti individu may affect type protect health inform phi involv breach includ name social secur number group name group number data recov cover entiti ce delta dental pennsylvania provid breach notif hhs affect individu media also took immedi appropri step mitig potenti damag individu reduc likelihood recurr decemb case closur septemb incid occur ocr determin ce’ correct action effect
## [1140] octob unencrypt laptop comput belong tennova cardiolog busi associ ba stolen vehicl laptop contain protect health inform phi individu includ patient name date birth date servic name refer physician health inform treatment diagnost procedur ce provid breach notif hhs affect individu media respons breach cover entiti ce conduct encrypt assess laptop comput user system access phi encrypt laptop comput ce review polici retrain staff implement encrypt polici ce also termin ba agreement move work inhous ocr obtain assur ce implement correct action list
## [1141] cover entiti ce wyom depart health transfer copi women infant children benefit program backup databas via internet busi associ use unsecur method approxim individu affect breach potenti disclos demograph inform date birth gender identif number ce notifi affect individu media secretari follow ocr’ investig ce conduct enterprisewid risk analysi develop risk manag plan revis organiz structur order hybrid cover noncov function ocr obtain assur ce implement correct action step
## [1142] deloach williamson busi associ ba south carolina health insur pool employe car broken passwordprotect compani laptop comput stolen contain electron protect health inform ephi individu ephi involv breach includ social secur number name date servic provid identif number ba provid breach notif cover entiti affect individu hhs cover entiti provid breach notif media follow breach ba immedi launch intern investig retrain subject employe compani polici privaci secur electron inform prior incid ba decid dissolv compani ceas oper decemb ba intend legal file dissolut decemb
## [1143] NA
## [1144] cover entiti ce report alleg impermiss use protect health inform phi affect approxim individu employe phi involv includ patients’ demograph inform ocr determin breach occur provid technic assist ce minimum necessari standard reason safeguard
## [1145] n
## [1146] busi associ ba molina healthcar virginia cover entiti ce fairfax counti virginia use subcontractor health busi system inc hbs subsidiari catamaranhb employe hbs place pharmaci claim report contain protect health inform phi individu nonsecur file transfer protocol ftp site troubleshoot issu system convers upon discov breach catamaranhb notifi ba conduct thorough investig remov file nonsecur server copi file encrypt password protect ce provid breach notif hhs affect individu offer free identifi theft protect follow breach catamaranhb retrain employe updat secur softwar enabl alert featur file contain potenti phi save ftp server ocr obtain written assur ce implement correct action list
## [1147] cover entiti ce mosaic discov multipl employe email account fallen victim phish attack affect email account contain follow type protect health inform phi clients’ name date birth address telephon number government–issu identif number medic record number insur identif number payment inform medicaid medicar number instanc social secur number breach affect approxim individu ce provid breach notif hhs affect individu media ce respond breach block ip address sourc phish scam contact proper author investig possibl crimin infract provid phish scam awar train chang email practic result ocr’ investig ce updat hipaa polici creat addit train materi chang train practic
## [1148] n
## [1149] unencrypt portabl comput drive contain electron protect health inform ephi individu stolen workforc member unlock person vehicl park home ephi involv breach includ name birthdat upon discov breach cover entiti ce provid notic hhs affect individu media follow breach ce remind employe safeguard polici provid addit train workforc member author take laptop mobil devic home improv safeguard institut random audit ensur unencrypt ephi store comput mobil devic ce also updat comput usag agreement employe sanction workforc member violat polici ocr obtain assur ce implement correct action list
## [1150] passwordprotect unencrypt laptop lost stolen northsid hospit nsh workforc member inadvert left hood car park laptop contain electron protect health inform ephi individu ephi involv breach includ patients’ name account number bill date diagnos andor diagnosi code lab result cover entiti ce nsh provid breach notif hhs affect individu media provid substitut notif follow breach ce encrypt ephi result ocr’ investig ce also revis hipaa polici reguard mobil devic breach notif implement safeguard
## [1151] patient schedul one cover entity’ ce small subsidiari offic impermiss access electron health record ehr system via virtual privat network vpn took photograph imag patient data tri download print walmart access record patient photograph protect health inform phi involv breach includ name address date birth social secur number telephon number suspect behavior walmart investig counti sheriff inform ce breach ce provid partial breach notif affect individu hhs media provid substitut notic websit follow breach ce discharg workforc member termin access ehr ce updat privaci secur plan employe handbook addit ce improv safeguard limit access vpn provid administr institut routin week audit ehr system use ocr began review cover entiti retrain offic manag provid offic breach occur result ocr’ investig ce receiv technic assist complet requir breach notif
## [1152] n
## [1153] n
## [1154] n
## [1155] one cover entiti ce comput infect malwar result data infect comput encrypt made inaccess ce subsequ restor infect data type protect health inform phi involv breach clinic inform includ diagnosescondit lab result medic treatment inform approxim individu ce provid breach notif hhs affect individu media follow breach ce retrain staff implement addit safeguard secur file backup upgrad antivirus softwar respons ocr’ investig ce provid substitut notic breach ocr provid ce technic assist regard secur rule includ risk analysi risk manag
## [1156] n
## [1157] cover entiti ce busi associ ba mail letter client request certain document contain identifi inform erron fax number list caus client fax inform wrong number approxim individu affect breach protect health inform phi involv includ name address date birth social secur number follow breach ba confirm fax sent incorrect fax number destroy ba also standard compani literatur requir manual data entri clientspecif contact inform assur qualiti control ocr provid inform assist ce revis ba agreement
## [1158] cover entiti ce mistaken includ protect health inform two postcard mail affect individu first mail includ ce’ patient second mail includ patient ces ce act busi associ ba phi involv breach includ name home address elevendigit number social secur number plus two digit ce provid breach notif hhs affect individu media follow breach ce revis mail procedur retrain applic staff sanction involv employe ocr obtain document assur ceba implement correct action list
## [1159] cover entity’ ce busi associ ba financi imag llc erron mail patient invoic wrong patient type protect health inform phi involv breach includ patients’ name date servic procedur perform ba sent breach notif letter affect individu reimburs ce cost associ breach notif provid media follow breach ba revis qualiti assur process ensur accuraci futur print job counsel retrain staff involv breach ce ba agreement place polici complianc hipaa rule ocr obtain assur ce ba implement correct action list
## [1160] cover entiti ce mistaken permit protect health inform phi viewabl internet user upload file without chang default permiss set folder contain file result googl abl detect cach phi upload folder approxim individu affect breach type phi involv breach includ students’ name birthdat gender identif number vision exam date diagnos school ce provid breach notif hhs parent guardian affect individu media also post notic websit ce took action remov file contain phi network compil list file along associ uniqu record locat number url cach url ce contact googl request remov data cach archiv googl confirm data remov ocr obtain assur ce implement correct action list
## [1161] univers washington medicin uwm agre settl charg potenti violat health insur portabl account act hipaa secur rule fail implement polici procedur prevent detect contain correct secur violat uwm affili cover entiti includ design health care compon entiti control univers washington includ univers washington medic center primari teach hospit univers washington school medicin affili cover entiti must place appropri polici process assur hipaa complianc respect entiti part affili group settlement includ monetari payment correct action plan annual report organization’ complianc effort us depart health human servic offic civil right ocr initi investig uwm follow receipt breach report novemb indic electron protect health inform ephi approxim individu access employe download email attach contain malici malwar malwar compromis organization’ system affect data two differ group patient approxim patient involv combin patient name medic record number date servic andor charg bill balanc approxim patient involv name medic record number demograph address phone number date birth charg bill balanc social secur number insur identif medicar number ocr’ investig indic uwm’ secur polici requir affili entiti uptod document systemlevel risk assess implement safeguard complianc secur rule howev uwm ensur affili entiti proper conduct risk assess appropri respond potenti risk vulner respect environ “ often see cover entiti limit risk analysi focus specif system electron medic record fail provid appropri oversight account part enterprise” said ocr director jocelyn samuel “ effect risk analysi one comprehens scope conduct across organ suffici address risk vulner patient data” resolut agreement correct action plan can found ocr websit httpwwwhhsgovocrprivacyhipaaenforcementexamplesuwmindexhtml hhs offer guidanc organ can conduct hipaa risk analysi httpwwwhealthitgovprovidersprofessionalssecurityriskassess
## [1162] employe impermiss access protect health inform phi individu type phi access includ name date birth social secur number address well clinic inform cover entiti ce upmc provid breach notif hhs affect individu media follow breach ce sanction employe notifi law enforc ocr review ces risk analysi ensur complianc secur rule
## [1163] cover entiti ce physician’ car broken park public nonwork locat unencrypt laptop comput seat stolen electron protect health inform ephi involv breach includ address birth date social secur number clinic inform passwordprotect electron medic record softwar affect individu ce file polic report notifi practic partner breach notif provid hhs affect individu media follow breach ce improv safeguard encrypt devic media store access transmit ephi result ocr’ investig ocr provid technic assist ce implement polici formal procedur safeguard mobil devic
## [1164] n
## [1165] cover entiti ce molina healthcar texa inc inadvert mail children health insur plan chip identif id card wrong household affect individu occur due mismatch program id number ce’ system id number chang type protect health inform involv breach includ name address identifi ce provid breach notif hhs affect individu media follow incid ce reprogram softwar reissu id card affect individu addit ce offer month free ident theft protect servic ocr obtain assur ce implement correct action list
## [1166] cover entiti ce kaiser foundat hospit orang counti misplac portabl comput drive contain protect health inform phi individu type phi involv breach includ name date birth medic ce provid breach notif hhs affect individu media follow breach ce began phase use flash drive similar devic initi plan replac comput store phi secur server behind ce’ firewal ocr provid technic assist conduct secur risk analysi result investig ocr inform ce requir conduct enterprisewid secur risk analysi
## [1167] employe cover entiti ce busi associ ba island peer review organ lost unencrypt passwordprotect portabl comput drive usb drive contain patients’ name address date birth social secur number clinic inform diagnos condit identif number includ member identif medicaid identif subscrib identif patient account number patient control number ce new jersey depart human servic provid breach notif hhs ba notifi affect individu media follow breach ba recov usb drive use employe retrain employe ba’ secur polici appropri use encrypt portabl electron media result ocr’ investig technic assist ba retrain certain staff implement polici requir staff use portabl media purchas bas inform system depart ba instal technic safeguard comput approv portabl devic allow access type can render “read ” unus ce indic bas devic access will monitor log guard employe attempt copi data unauthor devic ocr advis ce requir perform thorough accur risk analysi establish risk manag plan
## [1168] septemb person laptop comput contain electron protect health inform ephi paper document contain phi stolen physician’ lock car affect individu stolen laptop contain unencrypt ephi includ patients’ name address social secur number date birth diagnos condit lab result medic treatment relatedephi cover entiti ce univers california san francisco provid breach notif hhs affect individu media respons breach ce updat polici safeguard ephi specif address person own electron devic includ requir encrypt ephi transport offsit must stay within direct possess workforc member ocr obtain written assur ce implement correct action list
## [1169] n
## [1170] octob cover entiti ce learn one employee’ car stolen mobil data drive “flash drive” store databas protect health inform phi unencrypt flash drive contain electron phi approxim individu type ephi involv breach includ patients’ name address birth date social secur number gender ce provid breach notif hhs affect individu media follow breach ce sanction employe improv safeguard relat encrypt mobil devic updat implement polici procedur retrain workforc flash drive recov breach notif mail forens analysi recov flash drive indic evid unauthor access inform ocr obtain assur ce implement correct action list
## [1171] manag unencrypt laptop comput stolen hotel park lot also includ employe login system password cover entiti ce long term care softwar applic laptop contain individu protect health inform phi includ name social secur number address date birth bank account number medicar number possibl diagnos patient locat follow breach ce chang employe password perform analysi ensur attempt made access system long term care applic use prior account password ce improv safeguard encrypt electron devic employ devic allow local storag ce also retrain employe ocr consolid review complianc review involv corpor entiti anoth stolen unencrypt laptop
## [1172] n
## [1173] unencrypt compani laptop stolen car busi associate’ ba employe laptop contain protect health inform phi individu includ employe andor spous name birthdat health plan elect social secur number cover entiti ce provid breach notif hhs ba provid breach notif affect individu media respons incid ce implement polici requir encrypt laptop contain phi ce train employe provid refresh train regard mobil devic encrypt ba implement new certif process ensur client own mobil devic encrypt ocr obtain assur correct action list taken
## [1174] n
## [1175] n
## [1176] contrari cover entiti ce establish polici employe email spreadsheet contain electron protect health inform ephi patient person email account third parti may view spreadsheet phi includ name address condit diagnos follow breach ce hire independ comput forens firm conduct independ investig investig uncov anoth spreadsheet contain phi addit patient employe person email account ce provid breach notif affect individu media hhs post substitut notic websit ce appli sanction violat polici termin respons employe result ocr investig ocr obtain assur ce period conduct risk assess assess vulner ephi comput system
## [1177] cover entiti ce kemmet dental design learn novemb offic broken preced weekend time breakin ce store – paper patient chart contain protect health inform phi offic paper patient chart secur insid offic ce provid breach notif hhs affect individu though ce indic noth appear miss move dental offic differ locat juli implement safeguard lack prior breakin exampl ce convert patient chart secur electron medic record system proper shred old xray proper dispos old paper chart also improv physic secur ocr provid technic assist regard need implement safeguard polici procedur regard ces breach notif report oblig
## [1178] septemb patient cover entiti ce associ urologist north carolina aunc notifi ce internet search name abl see list identifi aunc patient ce investig discov protect health inform phi access internet septemb septemb breach due way medic note transcrib employe upload audio file list patients’ name file transfer protocol ftp site assist transcript file includ name date birth phone number refer physician chart number reason visit patient respons incid ce immedi discontinu use ftp site remov file unsecur websit contact googl cach copi file remov ce also provid breach notif hhs affect individu media offer free credit monitor toll free number answer question ce also review polici retrain staff data privaci inform secur polici addit ce partner secur contractor develop implement new polici procedur safeguard electron phi ocr obtain assur ce implement correct action list
## [1179] novemb cover entiti ce puerto rico health insur administr also known administracion de seguro salud de puerto rico report hhs septemb becam awar vendor busi busi associ ba tripl salud disclos protect health inform phi outsid pamphlet mail beneficiari septemb phi disclos breach includ name mail address health insur claim number ce’ member ce ba provid breach notif affect individu ce provid breach notif media result ocr’ investig ce commit conduct risk analysi implement risk manag plan revis polici procedur retrain staff within specifi time
## [1180] cover entiti ce north carolina depart health human servic divis state oper health care facil impermiss disclos protect health inform phi individu expos phi websit nc open book without author phi involv breach includ patient payment inform name address facil name erron post vendor payment websit ce remov inform websit immedi upon discoveri ce also provid breach notif hhs affect individu media place substitut notic websit addit ce provid tollfre phone number affect individu obtain addit inform follow breach ce implement procedur limit type person identifi inform disclos account system addit ce improv safeguard hipaarel document email correspond contain phi final ce implement procedur requir prior review data releas public redact confidenti inform ocr obtain assur correct action list complet
## [1181] octob cover entiti ce blue cross blue shield north carolina impermiss disclos protect health inform phi individu employe inadvert mail notic regard polici chang incorrect address phi involv breach includ name ce provid breach notif hhs affect individu follow breach ce sanction respons workforc member result ocr’ investig ce provid media notic establish tollfre number affect individu addit ce improv safeguard retrain employe initi regular review mail procedur
## [1182] n
## [1183] n
## [1184] NA
## [1185] colorado health well report alleg impermiss use protect health inform employe affect individu ocr determin breach occur provid technic assist cover entiti
## [1186] two unencrypt flash drive contain electron protect health inform ephi individu stolen staff member’ offic ephi involv breach includ name date birth treatment diagnosi inform medic insur identif number instanc social secur number cover entiti ce genesi rehabilit servic provid breach notif hhs affect individu media provid free credit monitor ce retrain staff member polici regard encrypt flash drive addit ocr’ investig result ce revis hipaa polici
## [1187] cover entiti ce superior healthplan inc mistaken sent mail contain protect health inform phi unrel member approxim individu affect phi involv breach includ name address identif number ce provid breach notif hhs media affect individu post substitut notic websit also offer credit ident theft protect affect parti result ocr’ investig ce implement procedur improv accuraci mail addit ce improv safeguard implement period audit assur id match mail address
## [1188] octob cover entity’ ce facil broken unencrypt laptop stolen affect demograph clinic inform approxim individu ce provid breach notif hhs affect individu media ce increas facility’ physic secur ce also upgrad technolog improv safeguard encrypt equip communic contain ephi implement network file server domain back client data encrypt cloudbas storag servic pursuant ocr’ recommend ce modifi polici train procedur
## [1189] advoc health care network advoc agre settlement us depart health human servic offic civil right ocr multipl potenti violat health insur portabl account act hipaa involv electron protect health inform ephi advoc agre pay settlement amount million adopt correct action plan signific settlement largest todat singl entiti result extent durat alleg noncompli date back incept secur rule instanc involv state attorney general correspond investig larg number individu whose inform affect advoc one largest health system countri “ hope settlement send strong messag cover entiti must engag comprehens risk analysi risk manag ensur individuals’ ephi secure” said ocr director jocelyn samuel “ includ implement physic technic administr secur measur suffici reduc risk ephi physic locat portabl devic reason appropri level” ocr began investig advoc submit three breach notif report pertain separ distinct incid involv subsidiari advoc medic group amg combin breach affect ephi approxim million individu ephi includ demograph inform clinic inform health insur inform patient name address credit card number expir date date birth ocr’ investig incid reveal advoc fail •conduct accur thorough assess potenti risk vulner ephi •implement polici procedur facil access control limit physic access electron inform system hous within larg data support center •obtain satisfactori assur form written busi associ contract busi associ appropri safeguard ephi possess •reason safeguard unencrypt laptop left unlock vehicl overnight advoc health care network largest fullyintegr health care system illinoi treatment locat includ ten acutecar hospit two integr children hospit subsidiari amg nonprofit physicianl medic group provid primari care medic imag outpati specialti servic throughout chicago area bloomingtonnorm illinoi
## [1190] employe cover entiti ce reimburs technolog inc impermiss access check imag approxim patient protect health inform phi involv breach includ person check inform includ bank rout number name address follow breach ce termin employe report breach fbi investig ce review check imag access notifi guarantor offer credit monitor ce monitor employe check view identifi vulner updat hipaa polici procedur includ requir check imag vendor truncat bank rout number ce also improv safeguard instal new firewal ocr obtain assur cover action list complet
## [1191] former employe cover entiti ce rotech remov retain electron file compani comput contain protect health inform phi employe relat ce’ group health plan demograph clinic financi inform individu affect breach ce provid breach notif hhs affect individu media respons breach ce updat polici procedur regard download inform companyissu comput extern devic retriev companyissu remov media depart employe destruct phi ephi ce improv safeguard disabl usb port comput encrypt compani laptop addit ce conduct hipaa gap analysi implement process period analysi updat secur method use back data final ce obtain outsid expert assist review enhanc hipaa train retrain employe ocr obtain assur correct action list complet
## [1192] n
## [1193] two comput contain file dictat letter stolen cover entiti ce greater dalla orthopaed pllc protect health inform phi audio file includ name medic inform approxim individu upon discov breach ce file polic report ce provid breach notif hhs affect individu media ce improv physic secur retrain staff ocr obtain assur ce implement correct action list
## [1194] two unencrypt laptop comput contain protect health inform phi individu stolen secur offic octob type phi involv breach includ financi inform diagnos condit treatment inform demograph inform cover entiti ce ahmc provid breach notif hhs affect individu media follow breach ce implement maintain encrypt plan also develop polici procedur regard access receipt remov electron phi ephi also improv safeguard reduc risk vulner ephi result investig ocr provid technic assist ce regard oblig implement maintain polici procedur compli privaci secur rule conduct accur thorough risk analysi implement risk manag plan ocr also provid technic assist regard encrypt
## [1195] laptop comput contain protect health inform phi stolen vehicl cover entiti ce workforc member approxim individu affect breach phi includ patient name date birth medic record account number ce immedi report laptop theft polic respons breach ce provid notic hhs affect individu media addit ce encrypt compani laptop retrain provid employe possess compani laptop appli disciplinari polici employe involv incid ocr obtain assur cover entiti implement correct action list
## [1196] cover entiti ce samaritan region health system mismatch name address mail former patient recent deceas physician protect health inform phi includ name address approxim individu ce provid breach notif affect individu media hhs post substitut notic websit follow breach ce retrain staff proper address valid techniqu implement new audit procedur mail ocr obtain assur ce implement correct action list
## [1197] transcript company’ subcontractor misconfigur server search engin googl abl locat server index record machin includ name date servic medic record number date birth type proceduresdiagnos martin luther king jr health center cover entiti ce retain transcript compani profession transact servic ptc provid breach notif hhs affect individu media ce learn breach initi investig learn ptc’s subcontractor immedi disabl server destroy hard drive store phi work googl remov phi googl cach ce also engag technic consult conduct forens analys work ensur affect patients’ record longer found common use internet search engin ce also termin relationship ptc engag new transcript compani ocr obtain assur ce implement correct action list
## [1198] transcript company’ subcontractor misconfigur server search engin googl abl locat server index record machin includ name date servic medic record number date birth type proceduresdiagnos patient cover entiti ce bronx lebanon hospit center ce retain transcript compani profession transact servic ptc provid breach notif hhs affect individu media ce learn breach initi investig learn ptc’s subcontractor immedi disabl server destroy hard drive store phi work googl remov protect health inform phi googl cach ce also engag technic consult conduct forens analys work ensur affect patients’ record longer found common use internet search engin ce also termin relationship ptc engag new transcript compani ocr obtain assur ce implement correct action list
## [1199] ocr open investig cover entiti ce seton healthcar famili report octob unencrypt laptop comput contain electron protect health inform ephi patient stolen clinic ephi includ patient name medic record number account number social secur number date birth diagnos immun insur inform ce notifi hhs affect individu media accord breach notif rule provid free credit monitor servic one year ce took number correct action prevent futur breach implement full disk encrypt polici appli prior deploy new comput updat intern process retrain staff updat process ce also sanction retrain workforc member involv breach confirm appli dell technician involv system upgrad includ encrypt ocr obtain assur ce implement correct action list
## [1200] unauthor person evad network secur ferri state univers michigan colleg optometri decemb place malwar program comput ferri use oper websit technic abil access electron file certain network server breach electron protect health inform ephi affect approxim individu includ patient name date birth social secur number address diagnosescondit financi claim inform clinic inform treatment inform cover entiti ce provid breach notif hhs affect individu media post substitut notif breach incid websit ce creat dedic call center regard breach also offer one year free credit monitor individu whose social secur number involv breach follow breach ce engag outsid forens secur firm conduct intern investig instal latest oper system patch network asset web server appli latest version antivirus malwar server ce verifi remov ephi applic archiv file work custom remov sensit data block specif internet address network ce also revis polici procedur address administr technic physic safeguard patients’ phi addit ce train employe polici procedur document recent risk analysi correspond risk manag plan ocr obtain document evidenc ce implement correct action list
## [1201] n
## [1202] n
## [1203] broward health medic center cover entiti ce discov employe taken paper patient facesheet premis stolen employee’ home visitor name date birth address telephon number social secur number primari insur provid insur guarantor reason visit employ emerg contact inform pertain potenti affect individu expos due breach ce provid breach notif hhs affect individu media time breach ce polici place prohibit remov phi facil employe fault incid longer employ ce respons breach ce retrain workforc reinforc exist polici ocr provid technic assist regard procedur respond report privaci incid well ce’ oblig breach notif rule event law enforc delay ocr obtain assur ce implement correct action list
## [1204] client contact list inadvert attach group email parent guardian client employe cover entiti ce hope communiti resourc affect individu protect health inform phi involv breach includ client name contact inform client support person date birth intern identif number issu ce ce provid breach notif hhs affect individu media follow breach ce sanction respons employe improv safeguard institut new qualiti measur larg mail follow ocr’ investig ce updat risk analysi outsid vendor
## [1205] former employe cover entiti ce north countri hospit health center retain possess retir unencrypt laptop comput contain protect health inform phi follow termin juli type phi involv breach includ electron sign physician order date order providers’ name well patient name demograph inform clinic inform includ diagnos ce provid breach notif hhs affect individu media result ocr’ investig ce instal remov disk encrypt laptop well desktop comput store phi also revis comput system risk manag polici ce also implement termin checklist termin procedur ocr provid technic assist ce regard risk analysi
## [1206] employe cover entiti ce later resign effect juli email confidenti document companyissu laptop comput person email account without author email data contain protect health inform phi approxim individu protect health inform involv breach includ first last name diagnos medic name ce provid breach notif hhs affect individu media upon discoveri breach ce’ outsid legal counsel ce contact employe employee’ new employ assur affidavit prohibit involv employe employee’ new employ transfer andor disclos sensit confidenti inform phi later obtain preliminari injunct motion ocr obtain assur ce implement correct action list
## [1207] newli hire janitori servic mistaken dispos inform face sheet await remov cover entity’ ce breach center shred bin face sheet shred face sheet belong ce rose medic center hospit corpor america facil contain protect health inform phi includ demograph inform social secur number insur inform physician inform next kin contact inform approxim individu ce provid time written notic affect individu hhs media result ocr’ investig ce institut new procedur wherebi document contain phi must dispos direct secur shred bin rather recycl bin ce also launch companywid initi implement improv procedur safeguard social secur number remov number document possibl minim print document contain phi ce also retrain staff hipaa privaci rule final ce’ breast center ceas print duplic face sheet full social secur number face sheet
## [1208] n
## [1209] n
## [1210] cover entiti ce musc physician muha learn august payment portal busi associ ba blackhawk statement group hack june breach expos name address email address credit care inform individu ce provid breach notif hhs affect individu media post notic websit respons breach ce chang payment procedur circumv ba process credit card transact direct processor ba patch vulner softwar target hack improv network secur breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict ba’ use disclosur protect health inform phi requir ba safeguard phi ocr obtain assur ce implement correct action list
## [1211] n
## [1212] n
## [1213] ocr open investig cover entiti ce mt sinai medic center report trash vendor place two garbag bag open box contain protect health inform phi patient outsid mt sinai’ depart prevent medicine’ facil regular trash phi involv breach includ name date servic payer inform patients’ clinic inform mental health inform social secur number result breach ce retriev two trash bag box contain phi provid train staff regard appropri dispos phi includ paper file sanction supervisor fail follow polici regard confidenti wast ocr provid ta ce regard account disclosur ce assur ocr disclosur document
## [1214] august cover entiti ce caromont medic group perform intern audit found unencrypt email sent employe august employe email spreadsheet person email contain follow protect health inform phi individu patients’ name date birth medic record number insur provid insur number diagnos two medicaidmedicar number ce provid breach notif hhs affect individu media respons incid ce review polici updat secur email polici requir employe attest review new polici ce train staff data privaci inform secur implement secur control encrypt extern email contain attach ocr obtain assur ce implement correct action note
## [1215] n
## [1216] ce sent erron mail individu display protect health inform phi address window envelop phi involv breach includ patients’ name medic record number diagnos address ce provid breach notif hhs affect individu media follow breach ce review updat implement applic procedur correct caus incid respons ocr’ investig ce provid document correct action taken
## [1217] employe remov paper copi daili patient schedul two medic report cover entiti ce transcript process depart without author upon termin employ approxim individu affect breach protect health inform phi involv breach includ patient name telephon number appoint date time date birth reason visit visit site assign staffphysician chart number insur compani code copay encount number treatment inform ce provid breach notif hhs media affect individu provid one year free credit monitor request follow breach ce cooper local author arrest prosecut involv employe ce updat privaci polici procedur organ polici hipaa manual retrain employe privaci polici procedur respons ocr investig ce decid replac electron medic record practic manag system improv safeguard electron phi
## [1218] septemb unencrypt person laptop comput contain electron protect health inform ephi paper document contain phi stolen workforc member’ lock car laptop contain unencrypt ephi pertain individu paper document contain phi patient type phi involv breach includ patients’ name address date birth medic record number social secur number diagnos condit date servic lab result medic treatmentrel phi cover entiti ce univers california san francisco provid breach notif hhs affect individu media follow breach ce retrain workforc member encrypt use email person devic best practic share phi document via email ocr obtain assur ce implement correct action note
## [1219] tsys employe health plan cover entiti ce discov employe ce’ busi associ ba paragon benefit inc misappropri digit file contain protect health inform phi beneficiari ce sent time breach notif hhs affect individu media post substitut notif websit respons breach ce provid affect individu ident theft protect credit monitor tax form contact inform feder trade commiss instruct put credit freez credit account ocr determin ce ba effect ba agreement place time breach ce termin contract ba decemb ba continu provid servic outstand claim submit ce’ behalf ce obtain assur ba addit secur measur implement ocr obtain assur ce implement correct action list
## [1220] cover entiti ce unitypoint health discov offic manag independ privat practic use physicians’ password access patients’ protect health inform phi type phi involv breach includ name social secur number address driver’ licens number date birth diagnos lab result medic affect approxim individu ce provid breach notif hhs affect individu media contact proper author investig possibl crimin infract ce investig breach result offic manager’ resign job ce also retrain physician share password offic manag obtain written assur longer share password ocr obtain review ce’ hipaa complianc document
## [1221] ocr open investig cover entiti ce paul g klein dpm report encrypt password protect laptop stolen contain electron protect health inform ephi individu ephi includ name address date birth social secur number diagnos lab test result medic medic note treatment plan upon discoveri breach ce file polic report recov stolen item result ocr’ investig ce provid confirm encrypt softwar multilay password protect softwar instal stolen laptop ocr determin impermiss disclosur ephi constitut breach hipaa rule provid technic assist ce regard requir breach notif rule
## [1222] n
## [1223] august cover entiti ce dr carol l patrick discov offic broken oper comput network server work station stolen stolen equip contain electron protect health inform ephi approxim individu includ clinic inform specif psycholog assess evalu letter report evalu written behalf client ce provid breach notif hhs affect individu media file polic report follow breach ce improv physic safeguard instal secur system motion fire protect intern alarm ce also instal encrypt softwar updat privaci polici ocr obtain assur ce implement correct action list
## [1224] august unencrypt laptop comput contain protect health inform phi individu stolen lock suppli closet cover entity’ ce facil type phi involv breach like includ patients’ name gender address telephon number date birth health insur inform medic record includ appoint note diagnosi treatment surgeri note lab test result prescript instruct inform relat podiatr care ce provid breach notif hhs affect individu media also contact polic follow breach ce conduct enterprisewid risk analysi implement risk manag plan encrypt workstat devic improv physic safeguard ce also implement sever administr technic safeguard ensur complianc secur rule ocr obtain assur ce implement correct action list
## [1225] NA
## [1226] n
## [1227] cover entiti ce region ten communiti servic board report multipl employe respond email appear come intern sender inform mailbox exceed limit instruct follow link enter usernam password forens investig conduct show sensit client inform compromis howev effort mitig potenti harm ce sent notif individu sent press releas local news station also post inform occurr websit ce engag servic technolog consult firm provid ocr written assur implement updat comput network includ addit firewal
## [1228] employe access use protect health inform phi outsid job duti file fraudul tax return phi involv breach includ name address social secur number individu cover entiti ce holi cross hospit provid breach notif hhs affect individu media ce retrain staff dissemin educ materi implement extens risk manag plan bolster procedur audit monitor phi use access ocr obtain assur ce implement correct action list ce also termin employ involv employe
## [1229] n
## [1230] workforc member cover entiti ce sierra view medic center impermiss access intern hospit roster cover differ depart period sever day juli august potenti affect electron protect health inform ephi approxim one thousand nine individu ephi includ patient name room number treat physician inform diagnos medic record data includ treatment note ce provid breach notif hhs affect individu media ce investig determin employe use inform despit impermiss access ce sanction employe implement complianc action meet workforc secur standard includ login monitor ce also revis polici procedur conduct train secur awar standard ocr provid substant technic assist identifi correct action ce must complet compli secur rule includ follow conduct monitor comprehens enterprisewid risk analysi updat monitor risk manag plan monitor inform access manag ensur adequ safeguard ephi
## [1231] n
## [1232] protect health inform phi approxim individu purpos taken employe ident theft purpos employe took copi patients’ name date birth mail address social secur number bank account number credit card number medic inform cover entiti ce wait order report breach ocr due crimin investig new york citi polic district attorney’ offic ce hire consult conduct investig risk analysi risk manag plan addit ce’ consult review privaci secur rule polici procedur retrain staff last ce notifi patient regard incid requir breach notif rule ocr obtain assur ce implement correct action list
## [1233] n
## [1234] advoc health care network advoc agre settlement us depart health human servic offic civil right ocr multipl potenti violat health insur portabl account act hipaa involv electron protect health inform ephi advoc agre pay settlement amount million adopt correct action plan signific settlement largest todat singl entiti result extent durat alleg noncompli date back incept secur rule instanc involv state attorney general correspond investig larg number individu whose inform affect advoc one largest health system countri “ hope settlement send strong messag cover entiti must engag comprehens risk analysi risk manag ensur individuals’ ephi secure” said ocr director jocelyn samuel “ includ implement physic technic administr secur measur suffici reduc risk ephi physic locat portabl devic reason appropri level” ocr began investig advoc submit three breach notif report pertain separ distinct incid involv subsidiari advoc medic group amg combin breach affect ephi approxim million individu ephi includ demograph inform clinic inform health insur inform patient name address credit card number expir date date birth ocr’ investig incid reveal advoc fail •conduct accur thorough assess potenti risk vulner ephi •implement polici procedur facil access control limit physic access electron inform system hous within larg data support center •obtain satisfactori assur form written busi associ contract busi associ appropri safeguard ephi possess •reason safeguard unencrypt laptop left unlock vehicl overnight advoc health care network largest fullyintegr health care system illinoi treatment locat includ ten acutecar hospit two integr children hospit subsidiari amg nonprofit physicianl medic group provid primari care medic imag outpati specialti servic throughout chicago area bloomingtonnorm illinoi
## [1235] n
## [1236] n
## [1237] secret servic discov patient inform page print cover entiti ce electron medic record system vacant home south georgia breach affect individu whose name date birth insur inform schedul inform refer physician phone number social secur number includ print page ce delay send notif base law enforc request author move forward ce time sent breach notif hhs affect individu media ce also post notif breach websit respons breach ce implement chang polici procedur increas monitor user activ comput system ocr obtain assur ce implement correct action list
## [1238] upon request subcontractor phm softwar solut cover entiti ce busi associ ba phm healthcar solut modifi softwar applic ce util led disclosur electron protect health inform ephi individu internet ephi includ name gender member identif number date birth consent form ce provid breach notif hhs media affect individu post substitut notic websit upon discoveri breach ba remov softwar applic place offlin result ocr investig ce ba conduct risk analysi creat risk manag plan address vulner identifi risk analysi breach incid involv ba occur prior septemb complianc date ocr provid technic assist assist ce understand oblig privaci secur rule regard ba agreement
## [1239] n
## [1240] june two unencrypt laptop comput stolen cover entiti facil san jose california one laptop report contain electron protect health inform ephi approxim individu particular ephi includ full name home address telephon number date birth inform medic record ce provid breach notif hhs affect individu media establish websit assist potenti affect individu ce implement measur improv physic secur safeguard ephi maintain ocr provid substant technic assist identifi correct action ce must complet compli secur rule includ follow conduct monitor comprehens enterprisewid risk analysi well administ measur support result analysi articul polici procedur maintain current busi associ agreement
## [1241] period three half year employe kaiser foundat health plan northwest cover entiti ce access patient record either without busi need know beyond minimum necessari job impermiss access employe total individu type protect health inform involv breach includ name treatment inform ce provid breach notif hhs affect individu follow discoveri breach ce retrain employe intens investig termin employe disciplin four other relat misconduct ocr obtain written assur correct action taken
## [1242] juli two desktop comput contain protect health inform phi stolen cover entiti ce olson white orthodont breakin name address date birth social secur number claim inform diagnos treatment inform affect report disclos ce util system encrypt protect phi howev softwar oversight may result phi store unencrypt manner stolen comput ce provid breach notif hhs affect individu media post substitut notic websit follow breach ce report theft proper author ad offsit data backup storag improv physic safeguard addit retrain staff elimin offic procedur result storag unencrypt phi result ocr’ investig ce updat use disclosur polici provid train updat polici ce also provid ocr document correct action
## [1243] august cover entiti ce dr benkelman discov unencrypt offic laptop comput stolen unlock offic result breach affect approxim patient electron protect health inform ephi includ demograph mental health inform diagnosescondit ce report theft polic provid breach notif hhs media affect individu ce also offer credit monitor affect individu ce close practic fall due breach
## [1244] n
## [1245] atlanta center reproduct medicin cover entiti ce discov juli employe unintent attach wrong file email sent one patient file contain protect health inform phi includ name date birth address medic record number social secur number condit treatment diagnost inform individu ce obtain assur file contain phi destroy use disclos parti ce provid time breach notif hhs affect individu media respons breach ce revis polici procedur concern transmiss phi via email provid addit train staff ocr obtain assur ce implement correct action list
## [1246] cogent healthcar inc busi associ ba provid manag servic provid hospitalist servic submit breach report hhs behalf cover entiti bas privaci offic found protect health inform phi ba respons access file transfer protocol ftp internet site phi involv breach affect approxim individu includ patient name physician name date birth diagnos treatment summari medic histori medic record number relat inform ocr determin report entiti ba incid occur prior septemb enforc date ocr provid ba technic assist regard current hipaa privaci secur rule ba requir
## [1247] unencrypt laptop comput contain electron protect health inform ephi approxim individu stolen cover entiti ce ut physician facil laptop store lock closet area secur key card laptop attach electromyographi emg nerv devic inventori medic devic ephi includ patient name date birth medic record number along valu emg machin ce provid breach notif hhs affect individu media follow breach ce replac stolen laptop encrypt laptop improv physic safeguard new laptop addit inventori assess devic equip contain ephi brought complianc ce’ polici includ encrypt requir ocr obtain copi ces current risk analysi risk manag plan evid implement secur measur includ evid secur measur reduc risk comput theft
## [1248] employe impermiss disclos approxim patients’ protect health inform phi employe sent email messag patient fail place patients’ email address blind carbon copi area email type phi involv breach email address ce provid breach notif hhs affect individu media cover entiti ce summit communiti care clinic inc polici procedur place address secur issu regard email respons incid ce retrain staff polici procedur individu counsel respons employe ocr provid technic assist regard ce’ oblig secur breach notif rule obtain assur ce implement correct action list
## [1249] advoc health care network advoc agre settlement us depart health human servic offic civil right ocr multipl potenti violat health insur portabl account act hipaa involv electron protect health inform ephi advoc agre pay settlement amount million adopt correct action plan signific settlement largest todat singl entiti result extent durat alleg noncompli date back incept secur rule instanc involv state attorney general correspond investig larg number individu whose inform affect advoc one largest health system countri “ hope settlement send strong messag cover entiti must engag comprehens risk analysi risk manag ensur individuals’ ephi secure” said ocr director jocelyn samuel “ includ implement physic technic administr secur measur suffici reduc risk ephi physic locat portabl devic reason appropri level” ocr began investig advoc submit three breach notif report pertain separ distinct incid involv subsidiari advoc medic group amg combin breach affect ephi approxim million individu ephi includ demograph inform clinic inform health insur inform patient name address credit card number expir date date birth ocr’ investig incid reveal advoc fail •conduct accur thorough assess potenti risk vulner ephi •implement polici procedur facil access control limit physic access electron inform system hous within larg data support center •obtain satisfactori assur form written busi associ contract busi associ appropri safeguard ephi possess •reason safeguard unencrypt laptop left unlock vehicl overnight advoc health care network largest fullyintegr health care system illinoi treatment locat includ ten acutecar hospit two integr children hospit subsidiari amg nonprofit physicianl medic group provid primari care medic imag outpati specialti servic throughout chicago area bloomingtonnorm illinoi
## [1250] n
## [1251] octob contractor discov abandon protect health inform phi mandan hidatsa arikara nations’ minnetoh facil materi includ cardboard box file cabinet binder contain print phi pharmaceut bag contain print phi medic contain cage area broken open padlock twelv comput tower three minis comput laptop hard drive contain electron phi cover entiti ce discov addit binder phi may ce estim individuals’ phi store minnetoh prior move elbowood memori health center facil ocr provid ce substanti technic assist result ocr’ investig ce reloc store materi new facil conduct risk analysi develop risk manag plan develop polici procedur safeguard phi
## [1252] august cover entiti ce north texa comprehens spine pain center report breach employee’ car broken extern hard drive stolen hard drive contain demograph clinic inform individu ce provid breach notif hhs affect individu media employe author take protect health inform phi home part job duti follow breach ce sanction involv employe encrypt hard drive chang polici prohibit employe remot access phi ocr verifi correct action taken ce
## [1253] n
## [1254] passwordword protect unencrypt laptop stolen cover entity’ ce employee’ car neighborhood laptop contain protect health inform phi individu includ patient name date birth address telephon number social secur number diagnos level care date servic health insur identifi ce conduct investig file polic report ce provid breach notif hhs affect individu follow breach ce disabl laptop’ access intern system chang password employe formal reprimand retrain ce hire expert perform risk assess gap analysi exist privaci secur practic polici procedur institut polici prohibit workforc member remov unencrypt compani laptop premis ce retrain employe level hipaa polici procedur provid companywid email remind workforc member regard privaci secur protect ce establish role address complianc includ complianc committe complianc director ocr obtain assur correct action list taken two three individu involv theft laptop arrest
## [1255] n
## [1256] cover entiti ce sale repres use incorrect group number base erron membership data file result impermiss disclosur protect health inform phi ces busi associ ba breach affect approxim individu includ demograph inform follow breach ce obtain certif ba destroy phi determin low risk harm affect individu ce also sent memorandum correct actionsanct polici account manag staff regard qualiti control procedur institut addit qualiti control procedur counsel involv sale repres ocr obtain assur ce implement correct action list
## [1257] employe cover entiti ce hancock obgyn impermiss access electron protect health inform ephi individu without necessari busi reason ephi includ name date servic medic record number clinic inform ce provid breach notif hhs affect individu media upon discov breach ce termin respons individuals’ employ result ocr’ investig ce revis polici procedur relat safeguard ephi implement routin audit employe access ephi
## [1258] n
## [1259] n
## [1260] former employe cover entiti ce baylor saint medic center fort worth breach protect health inform phi via text messag forward pager ce phi involv breach includ name demograph inform patients’ bed locat emerg depart er admiss notif approxim individu breach notif provid hhs affect individu media follow breach ce disabl copi forward featur pager receiv messag pager vendor revis pager procedur result ocr’ investig vendor’ softwar page server configur chang ce revis pager requisit form reflect prohibit devic set
## [1261] breakin burglari took place offic health resourc hra busi associ ba cover entiti ce arkansa depart human servic dhs two laptop comput contain client file protect health inform phi approxim individu stolen follow breach ce improv physic safeguard retrain workforc member revis hipaa train employe incid report procedur revis arkansa busi associ agreement baa provis report breach incid addit ocr’ investig result ce’ develop plan survey baa assess hipaa complianc conduct onsit inspect
## [1262] june august cover entiti ce missouri depart social servic discov ’s busi associ ba infocross inc mail missouri medicaid mo participants’ enrol correspond incorrect address period octob june correspond contain mo medicaid participants’ name date birth mo medicaid account number counti phone number last four digit participants’ social secur number affect approxim individu ce provid breach notif hhs affect individu media well missouri attorney general offic prevent similar breach happen futur ce delet participants’ mail address system provid train workforc polici procedur regard cybersecur awar ocr obtain document assur ce implement correct action list
## [1263] n
## [1264] cover entiti ce rocki mountain spine clinic report employe sent email contain protect health inform phi approxim patient person email account phi involv breach includ name social secur number insur number inform descript procedur treat physician name ce provid breach notif hhs affect individu media follow breach ce sanction employe ensur phi longer employee’ person comput email account retrain staff relev privaci secur rules’ provis ocr obtain copi ces hipaa polici procedur obtain assur ce implement correct action note
## [1265] NA
## [1266] oregon health scienc univers ohsu agre settl potenti violat health insur portabl account act hipaa privaci secur rule follow investig us depart health human servic offic civil right ocr found widespread divers problem ohsu will address comprehens threeyear correct action plan settlement includ monetari payment ohsu depart ocr’ investig began ohsu submit multipl breach report affect thousand individu includ two report involv unencrypt laptop anoth larg breach involv stolen unencrypt thumb drive incid garner signific local nation press coverag ocr’ investig uncov evid widespread vulner within ohsu’ hipaa complianc program includ storag electron protect health inform ephi individu cloudbas server without busi associ agreement ocr found signific risk harm individu due sensit natur diagnos ohsu perform risk analys ocr’ investig found analys cover ephi ohsu’ enterpris requir secur rule analys identifi vulner risk ephi locat mani area organ ohsu act time manner implement measur address document risk vulner reason appropri level ohsu also lack polici procedur prevent detect contain correct secur violat fail implement mechan encrypt decrypt ephi equival altern measur ephi maintain workstat despit identifi lack encrypt risk “ wellpublic larg scale breach find risk analys ohsu everi opportun address secur manag process insuffici furthermor ohsu address lack busi associ agreement allow vendor store ephi” said ocr director jocelyn samuel “ settlement underscor import leadership engag critic csuit take hipaa complianc seriously” ohsu larg public academ health center research univers center portland oregon compris two hospit multipl general specialti clinic throughout portland throughout state oregon
## [1267] electron protect health inform ephi use disclos workforc member cover entiti ce louisiana state univers health care servic divis produc fraudul check steal cash ephi includ check account driver’ licens social secur number demograph inform approxim individu ce provid breach notif hhs affect individu media upon discov breach ce sanction involv workforc member ce improv physic secur adopt new secur procedur ocr obtain assur ce implement correct action list
## [1268] n
## [1269] cover entiti ce brookdal hospit medic center report breach staff pharmacist lost unencrypt usb extern hard drive contain electron protect health inform ephi patient ephi includ address zip code date birth diagnosi code medic record number ce provid breach notif hhs affect individu media follow loss ce disabl usb port comput prevent staff member use usb extern hard drive store data electron record system establish polici obtain encrypt usb extern hard drive depart retrain pharmacist staff result ocr’ investig technic assist ce expect review revis polici procedur train materi regard report breach incid usag mobil portabl devic staff member addit ocr state expect ce will perform thorough accur enterpris wide risk analysi establish risk manag plan address threat vulner identifi risk analysi
## [1270] fbi notifi cover entiti ce geo care geo care employe inappropri access patient admiss report approxim patient south florida state hospit provid third parti employe cousin without author employe cousin attempt sell report illeg purpos protect health inform phi involv breach includ name date birth social secur number admiss date discharg date patient unit name ce provid breach notif hhs media post substitut notic websit also offer ident theft protect affect individu respons staff member termin accord ces polici also crimin indict follow breach ce improv safeguard limit use full social secur number restrict access document perform week audit workforc member access document full social secur number addit ce updat privaci secur polici procedur develop new polici procedur also revis polici employe access electron phi base job titl function provid retrain employe regard access disclosur phi ocr obtain assur correct action list complet
## [1271] NA
## [1272] octob novemb employe san jose medic suppli inc sjms impermiss disclos inform regard sjms patient inform contain excel spreadsheet prescript contain full name address zip code medic condit diagnos licens number physicians’ contact inform date prescript obtain sjms initi forens secur investig identifi perpetr breach determin recipi inform train employe hipaa regul patient inform secur procedur file lawsuit front medic suppli individu perpetr sjms provid breach notif california attorney general secretari hhs affect individu media sjms enhanc comput secur protect protocol ensur patient inform protect unauthor access sanction respons workforc member updat polici procedur ocr determin sjms cover entiti
## [1273] n
## [1274] cover entiti ce sheet metal local welfar fund report employe busi associ ba peopl resourc corpor inadvert upload excel spreadsheet contain ce’ member assist program map elig data onto unsecur websit maintain ba unknown individu entiti believ china upload data two addit websit addit two websit contain link ba’ unsecur websit spreadsheet contain name address date birth social secur number member depend ba purchas e health inc septemb ce provid breach notif hhs affect individu media ba immedi remov protect health inform phi unsecur websit confirm phi longer avail websit internet search engin confirm one spreadsheet access unauthor parti spreadsheet view compromis ba adopt addit protect prevent futur unauthor disclosur includ manag level review document post websit addit ce met vendor review vendors’ secur procedur protocol institut review program well review intern procedur ocr obtain assur ce ba implement correct action list
## [1275] hansen associ inc cover entiti ce report may may employe inappropri use workstat violat polici multipl occas employe ad softwar program allow remot access desktop comput person comput store inform cloud person access employee’ conduct temporarili affect ce’ abil access protect health inform phi maintain workstat breach affect individu type phi involv includ name social secur number address date birth claim clinic diagnos condit ce provid breach notif affect individu media hhs upon discov breach ce conduct intern investig assist inform technolog vendor notifi local law enforc regard employee’ misconduct implement physic administr secur safeguard respons subject incid draft new polici procedur regard oblig privaci secur breach notif rule ocr obtain assur ce implement correct action note
## [1276] famili health network busi associ ba cover entiti ce illinoi depart healthcar famili servic mail member identif card wrong address due comput program error breach affect protect health inform approxim individu includ name date birth stateissu medicaid number follow breach ba correct case number convers process manual review import data ce ba review respect privaci polici procedur remind workforc member polici ba provid breach notif hhs ce affect individu media ocr obtain document assur ce implement correct action step note
## [1277] n
## [1278] n
## [1279] cover entiti ce medtron misplac box paper record contain protect health inform phi approxim individu box contain patient pump train record includ checklist train receiv patient name devic serial number phone number case email address record may also includ social secur number medic necess form physician order copi document one patient medic record ce provid breach notif affect individu hhs follow breach ce improv safeguard redesign record track procedur instal softwar addit box track capabl ocr obtain assur ce implement correct action list
## [1280] lack time action risk secur cost money us depart health human servic offic civil right ocr announc health insur portabl account act hipaa civil money penalti children’ medic center dalla children’ base impermiss disclosur unsecur electron protect health inform ephi noncompli mani year multipl standard hipaa secur rule ocr issu notic propos determin accord cfr includ instruct children’ file request hear children’ request hear accord ocr issu notic final determin children paid full civil money penalti million children’ pediatr hospit dalla texa part children’ health seventh largest pediatr health care provid nation januari children’ file breach report ocr indic loss unencrypt nonpassword protect blackberri devic dallasfort worth intern airport novemb devic contain ephi approxim individu juli children file separ hipaa breach notif report ocr report theft unencrypt laptop premis sometim april april children report devic contain ephi individu although children implement physic safeguard laptop storag area eg badg access secur camera one entranc also provid access area workforc author access ephi ocr’ investig reveal children’ noncompli hipaa rule specif failur implement risk manag plan contrari prior extern recommend failur deploy encrypt equival altern measur laptop work station mobil devic remov storag media april despit children knowledg risk maintain unencrypt ephi devic far back children issu unencrypt blackberri devic nurs allow workforc member continu use unencrypt laptop mobil devic “ensur adequ secur precaut protect health inform includ identifi secur risk immedi correct essential” said ocr act director robinsu frohboes “although ocr prefer settl case assist entiti implement correct action plan lack risk manag cost individu secur data can also cost cover entiti sizabl fine” notic propos determin notic final determin may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementschildren
## [1281] n
## [1282] n
## [1283] alameda counti sheriff’ offic found list protect health inform phi belong individu unrel investig provid cover entiti ce sutter health east bay region list contain demograph inform name address date birth social secur number identifi ce determin phi stolen workforc member busi associ ba phi belong patient follow ce hosptial alta bate summit medic center sutter delta medic center eden medic center ce provid breach notif hhs media affect individu provid affect individu one year free credit monitor follow breach ce conduct intern forens investig hire extern forens firm fulli implement data loss prevent technolog ocr obtain assur ce implement correct action list addit workforc member respons breach longer employ ba
## [1284] n
## [1285] cover entiti ce samaritan region health system mismatch name address mail former patient recent deceas physician protect health inform phi includ name address approxim individu ce provid breach notif affect individu media hhs post substitut notic websit follow breach ce retrain staff proper address valid techniqu implement new audit procedur mail ocr obtain assur ce implement correct action list
## [1286] laptop comput stolen hour lab cover entiti ce south florida neurolog associ laptop contain protect health inform phi approxim patient contain demograph clinic inform includ patients’ name date birth diagnos ce notifi law enforc initi investig addit ce provid breach notif hhs affect individu media post substitut notic websit ce improv physic safeguard improv administr safeguard impos restrict access polici lab
## [1287] cover entiti health net inc hn erron mail identif card member former address due system error contractor cogniz technolog servic hn also act busi associ cover entiti type protect health inform phi includ demograph inform members’ name hn provid breach notif hhs affect individu media follow breach hn uncov correct program error develop implement new program help ensur sync beneficiari address specif enrol file hn’s master address file accur ocr provid technic assist regard secur risk analysi determin hn must conduct enterprisewid secur risk analysi
## [1288] busi associ ba employe erron sent health plan member protect health inform phi plan member phi involv breach includ name prescrib medic cover entiti northrop grumman retire health plan provid breach notif hhs ba cvs caremark provid breach notif affect individu media follow breach ba revis qualiti control polici target mail retrain employe involv breach prevent similar incid futur ocr obtain assur ba implement breach notif polici revis list
## [1289] n
## [1290] encrypt laptop comput stolen aflac associ vehicl puerto rico laptop contain phi approxim individu contain demograph financi clinic inform includ patient name address birthdat social secur number claim inform diagnos cover entiti file polic report provid breach notif affect individu hhs media respons workforc member sanction ocr acknowledg incid constitut report breach breach notif rule laptop suffici encrypt
## [1291] june cover entiti ce lone star circl care report breach work forc member’ car broken unencrypt passwordprotect laptop comput stolen protect health inform phi involv breach includ financi clinic inform individu ce provid breach notif hhs affect individu media follow incid ce encrypt laptop revis polici store phi hard drive mobil devic addit ce retrain staff privaci secur polici ocr obtain assur ce implement correct action list
## [1292] ocr open investig cover entiti ce dr jame fosnaugh report comput chip thumb drive fallen case point may thumbdriv contain name date birth address phone number case name famili member list famili medic histori incid affect approxim ce’ patient ce provid breach notif hhs affect individu media prevent similar breach happen futur ce establish team respons identifi secur issu aris ce also retrain employe polici procedur regard privaci secur rule result ocr’ investig ce complet risk analysi ensur adequ safeguard electron protect health inform
## [1293] n
## [1294] cover entiti ce jacksonvill spine center impermiss disclos protect health inform phi approxim individu workforc member misaddress envelop due spreadsheet error mail result individu receiv correspond anoth patient name envelop phi involv breach patient name ce provid breach notif hhs media affect individu notic individu request patient either return envelop ce destroy envelop result incid ce issu written warn respons workforc member pursuant ces sanction polici moreov ce implement addit safeguard includ check data file integr prior send mail ocr obtain assur ce implement correct action list
## [1295] n
## [1296] n
## [1297] cover entity’ ce lock build burglar lock medic chart room contain protect health inform phi paper form broken access unknown person phi remov forens determin attempt access electron phi ce’ comput medic chart potenti access includ name date birth address social secur number financi inform medic treatment inform lab result individu ce improv physic safeguard repair replac broken lock ad secur camera ocr’ investig confirm appropri breach notif made correct action step taken ocr also requir ce updat breach notif polici procedur retrain staff revis polici
## [1298] cover entiti ce fayettevill va medic clinic optic shop impermiss disclos protect health inform phi approxim individu place consult report recycl bin rather shred bin januari april phi involv breach includ patients’ name social secur number birthdat address phone number ce provid breach notif hhs media potenti affect patient also offer credit monitor ce investig incid remov shred identifi document recycl bin provid document shredder onsit addit ce retrain employe regard secur dispos method document contain phi moreov respons staff member sanction accord ce’ polici ocr obtain assur correct action list complet
## [1299] cover entiti ce stanford school medicin som stanford children hospit schformer lucil packard children hospit report may workforc member’ laptop stolen badgeaccess control area hospit sch employ workforc member howev som own manag laptop laptop passwordprotect encrypt electron protect health inform ephi approxim individu may affect breach type ephi involv includ clinic demograph inform ce report theft law enforc notifi affect individu offer ident protect servic cost affect individu establish tollfre call center assist affect individu question concern submit notif media hhs follow breach ocr’ correspond investig ce sanction workforc member violat hipaa polici ensur som’ devic encrypt compliant data secur polici restrict sch users’ abil download attach unencrypt devic ce also initi plan implement improv risk manag process
## [1300] n
## [1301] univers massachusett amherst umass agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic hhs offic civil right ocr umass will pay will adopt robust correct action plan correct defici hipaa complianc program umass notifi ocr workstat center languag speech hear center infect malwar program result impermiss disclosur electron protect health inform ephi individu includ name address social secur number date birth health insur inform diagnos procedur code univers determin malwar generic remot access trojan infiltr system provid impermiss access ephi umass firewal place ocr’ investig indic follow potenti violat hipaa rule • failur design health care compon hybrid • failur implement technic secur measur center guard unauthor access ephi transmit electron communic network ensur firewal place center • failur conduct accur thorough risk analysi prior septemb • impermiss disclosur individuals’ ephi addit monetari settlement umass agre correct action plan requir organ conduct enterprisewid risk analysi develop implement risk manag plan revis polici procedur train staff polici procedur resolut agreement correct action plan may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementsumass
## [1302] n
## [1303] n
## [1304] cover entiti ce bon secour health system discov two certifi nurs assist cnas impermiss electron access medic record approxim patient prior month protect health inform phi contain breach includ patient name social secur number date birth address clinic inform identifi ce provid breach notif hhs affect individu media follow breach ce conduct full investig sanction two cnas revok access electron medic record system subsequ termin employe action follow ces report law enforc state depart health profess two former employe plead guilti feder misdemeanor charg profession certif revok ocr review ces recent risk assess confirm identifi risk address decemb accord ces risk manag plan result ocr investig ce pursu prosecut cnas provid credit monitor servic affect individu
## [1305] n
## [1306] unencrypt laptop comput belong cover entiti ce independ care system stolen employee’ home laptop contain report includ member name address telephon number medicaid identif number intern identif number enrol date disenrol date ce provid breach notif hhs affect individu media result ocr’ investig ce encrypt laptop comput ce also updat polici procedur encrypt desktop comput laptop mobil devic secur secur awar train addit ce perform inform secur assess modifi environ implement find remedi plan ocr indic expect ce will review updat secur train confirm whether meet standard secur rule conduct risk analysi implement risk manag plan implement polici procedur secur incid physic secur facil secur plan addit ocr provid expect ce will provid ongo secur awar train staff
## [1307] april synerm employee’ laptop comput stolen vehicl park front home laptop contain protect health inform phi individu includ patients’ name member identif date servic reason visit procedur code laptop password protect encrypt cover entiti ce provid breach notif hhs affect individu media post substitut notic websit respons incid ce improv physic secur encrypt comput counsel employe involv train staff also review polici implement encrypt polici ocr obtain assur ce implement correct action list
## [1308] n
## [1309] email open erskin famili dentistri comput contain virus affect comput store protect health inform phi individu type phi involv breach includ patients’ name address date birth social secur number credit card number claim inform treatment inform cover entiti ce investig ensur virus penetr program contain phi ce also ensur store phi encrypt program instal new antivirus tool assur everi potenti affect comput examin wipe virus ce provid breach notif hhs media affect individu ce also retrain staff ocr obtain written document ce implement correct action list
## [1310] n
## [1311] case involv hack incid cover entity’ ce network server trojan virus discov run administr account remot access server data loss actual discov potenti record may vulner type protect health inform phi potenti breach includ demograph financi clinic inform ce engag forens consult team verifi scope impact malwar clean system ce instal effect virus detect softwar train educ user regard data secur made adjust data storag polici ocr confirm ce took appropri correct action
## [1312] n
## [1313] workforc member cover entiti ce dent neurolog group llp erron sent unencrypt email spreadsheet contain patients’ protect health inform phi wrong patient type phi spreadsheet includ patients’ name address activeform patient status date last appoint schedul code physicians’ name ce provid breach notif hhs affect individu media follow breach ce implement email secur applianc encrypt email filter incom messag malwar virus spam well filter outgo messag identifi ce also updat email encrypt polici procedur implement polici procedur encrypt password protect electron document updat train program handl email addit ce sanction counsel retrain workforc member result ocr’ investig technic assist ce provid evid remedi window xp devic well updat risk analysi incorpor physic safeguard penetr test correspond secur risk assess report ce expect conduct risk analysi address potenti risk vulner entir oper implement risk manag plan correspond risk mitig activ
## [1314] n
## [1315] april credit card inform patient cover entiti ce piedmont healthcar pa compromis via breach websit host one ce’ vendor edreamz unauthor person gain access edreamz’ server obtain payment inform ce’ patient protect health inform phi involv breach includ patients’ name address phone number email address credit card inform ce provid breach notif hhs media affect individu offer year free credit monitor ident theft protect follow breach ce termin agreement edreamz enter busi associ ba agreement new websit host vendor ce also initi legal proceed edreamz regard breach contract store credit card inform server issu relat incid ocr obtain assur ce implement correct action list
## [1316] n
## [1317] credit card inform patient cover entiti ce presbyterian anesthesia associ pa now known provid anesthesia associ pa compromis unauthor person gain access server edreamz ce’ websit host busi associ ba protect health inform phi involv breach includ patients’ name address phone number email address credit card inform ce provid breach notif hhs media affect individu offer year free credit monitor ident theft protect ce also notifi fbi north carolina’ attorney general major credit card compani respons breach ce hire outsid forens comput specialist investig addit ce termin servic agreement ba enter satisfactori ba agreement new websit host vendor ba agreement prohibit storag phi vendor’ server ce also review updat hipaa polici procedur ocr obtain assur ce implement correct action list
## [1318] n
## [1319] cover entiti ce public health seattl king counti discov protect health inform phi client inadvert dispos improp put regular recycl phi involv breach includ treatment medic condit inform may includ social secur number five individu ce provid breach notif hhs media individu appoint subject clinic four week prior incid also provid substitut notif ce improv safeguard updat phi dispos polici procedur ocr’ investig confirm appropri notif made correct action step taken requir ce retrain staff revis dispos polici
## [1320] n
## [1321] unsecur hard drive contain electron protect health inform ephi individu lost transit dr andrew f brooker busi associ assurancemd subcontract electron medic record storag compani ephi involv breach includ patient name diagnosescondit lab result clinic inform patient address date birth andor social secur number dr brooker provid breach notif hhs affect individu follow breach updat hipaa polici procedur ocr obtain assur correct action step list complet prior complet addit correct action dr brooker notifi ocr sold privat practic
## [1322] n
## [1323] n
## [1324] n
## [1325] desktop comput tag destruct stolen hour facil cover entiti ce laboratori corpor america labcorp comput contain electron protect health inform ephi approxim individu includ clinic demograph inform diagnos name social secur number date birth ce provid breach notif hhs affect individu ce also notifi law enforc initi intern investig coordin ocr’ investig ce retrain employe chang storag locat mobil devic comput updat encrypt desktop comput
## [1326] raleigh orthopaed clinic pa north carolina raleigh orthopaed agre pay settl charg potenti violat health insur portabl account act hipaa privaci rule hand protect health inform phi approxim patient potenti busi partner without first execut busi associ agreement hipaa cover entiti disclos phi unauthor person lack busi associ agreement left sensit health inform without safeguard vulner misus improp disclosur raleigh orthopaed provid group practic oper clinic orthopaed surgeri center raleigh north carolina area ocr initi investig raleigh orthopaed follow receipt breach report april ocr’ investig indic raleigh orthopaed releas xray film relat protect health inform patient entiti promis transfer imag electron media exchang harvest silver xray film raleigh orthoped fail execut busi associ agreement entiti prior turn xray phi “hipaa’ oblig cover entiti obtain busi associ agreement mere checkthebox paperwork exercise” said jocelyn samuel director us depart health human servic hhs offic civil right ocr “ critic entiti know hand phi obtain assur inform will protected” addit payment raleigh orthopaed requir revis polici procedur establish process assess whether entiti busi associ design respons individu ensur busi associ agreement place prior disclos phi busi associ creat standard templat busi associ agreement establish standard process maintain document busi associ agreement least six year beyond date termin busi associ relationship limit disclosur phi busi associ minimum necessari accomplish purpos busi associ hire
## [1327] case along two companion case involv data lost due damag andor open prioriti mail process transit unit state post offic case potenti individu may affect type protect health inform phi involv breach includ name social secur number group name group number data recov cover entiti ce delta dental provid breach notif hhs affect individu media also took immedi appropri step mitig potenti damag individu reduc likelihood recurr decemb case closur septemb incid occur ocr determin ce’ correct action effect
## [1328] februari valley mental health cover entiti ce discov comput hard drive stolen one facil comput locat common area avail use member hard drive contain protect health inform phi—memb name diagnost treatment inform financi record media releas form member photograph activ signup sheet resumes— approxim individu ce provid breach notif hhs affect individu media follow breach ocr’ investig ce post sign remind member inform store share comput confidenti encrypt hard drive store phi lock offic lock file cabinet ocr obtain assur ce implement correct action list ocr provid ce technic assist regard secur rule oblig
## [1329] ihc health servic ind dba intermountain life flight cover entiti ce report around octob employe inadvert upload document contain protect health inform phi department’ extern manag unsecur websit violat corpor polici prohibit conduct ce indic websit depart oper purpos intend includ phi breach affect individuals’ demograph inform includ name address date birth andor social secur number andor clinic inform includ diagnos ce provid time breach notif affect individu media hhs provid substitut notic post breach websit also offer affect individu credit monitor one year follow breach ce prompt disabl websit verifi secur data destruct conduct intern investig incid respons includ root caus analysi correct educ riskbas action plan encompass entir enterpris ce also termin relationship extern vendor addit ce retrain workforc member assign individu pursuant establish polici procedur overse secur respons depart also implement procedur identifi remedi need inform system resourc extern manag server websit ce’ data ocr obtain assur ce implement correct action list
## [1330] email contain electron protect health inform ephi sent work email address home email address workforc member cover entiti ce hope hospic ephi email contain name referr sourc admiss date health insur approxim individu upon discov breach ce implement sanction involv workforc member ce provid breach notif hhs affect individu media ce improv physic secur retrain staff ocr obtain assur ce implement correct action list
## [1331] non februari cpu contain protect health inform phi individu stolen cover entiti ce guidanc center westchest type phi involv breach includ individuals’ name date birth date admitt insur carriers’ name home address diagnos outpati treatment author request social secur number treat physicians’ name case number identifi inform upon discov breach ce file polic report notifi new york state attorney general’ offic new york state offic cyber secur new york state depart state divis consum protect connecticut attorney general’ offic ce provid breach notif hhs affect individu media offer one year free credit monitor servic affect individu result breach ce encrypt desktop laptop comput disabl use portabl devic univers serial bus usb connect ce initi plan reloc two offic build secur camera instal secur camera anoth locat ocr obtain assur ce implement correct action list
## [1332] n
## [1333] n
## [1334] ocr open investig cover entiti ce john j persh va medic center ce report busi associ ba stress laboratori place box unsecur protect health inform phi equip storag room phi includ name social secur number diagnos age approxim individu breach incid involv ba occur prior septemb complianc date ba employe involv matter separ employ ba reorgan incorpor ce ce provid breach notif affect individu hhs media substitut notif provid post ces main websit tollfre inform number ce also offer one year ident protect credit monitor servic affect individu result incid ce adopt new polici provid guidanc staff regard handl phi addit ce train employe new polici retrain employe privaci secur breach notif rule final ocr obtain assur ce implement correct action list
## [1335] februari laptop stolen william jen bryan dorn vamc’ pulmonari test unit laptop contain protect health inform phi approxim individu includ name date birth clinic inform cover entiti ce provid breach notif hhs media affect individu issu substitut notic place notic websit also offer credit monitor includ ident theft protect one year ce open report va polic va offic inspector general oig prevent futur occurr ce improv physic safeguard laptop attach medic test devic addit procedur implement secur storag remov person identifi inform medic devic ocr obtain assur correct action list complet
## [1336] n
## [1337] n
## [1338] n
## [1339] cover entiti ce busi associ ba oper server contain electron protect health inform ephi individu vulner access unauthor person four month ephi includ transcrib doctor note may includ medic diagnos clinic laboratori result diagnost imag report emerg depart record medic administr upon discoveri breach ce engag comput forens expert investig incid termin ba agreement result ocr investig ce ensur ba secur server verifi server longer access internet requir ba return destroy ces ephi
## [1340] n
## [1341] n
## [1342] clinic intern cover entiti ce univers florida health jacksonvill ufhj former shand jacksonvill medic center took photograph protect health inform phi email phi unauthor third person purpos file fraudul tax return phi includ name address social secur number date birth treatment inform individu law enforc agenc learn breach inform ce request delay breach notif ce later provid breach notif affect individu hhs media offer affect individu one year free ident theft protect follow breach ce sanction two workforc member allow intern longer ce use credenti access electron medic record violat polici ce also retrain workforc member privaci polici increas access restrict social secur number end clinicbas internship ocr provid technic assist obtain assur ces plan updat breach notif polici procedur
## [1343] n
## [1344] februari person laptop comput use store medic report inform cover entity’ ce client lost stolen provid former contract ce comput hard drive wipe determin inform contain ce treat breach affect individu protect health inform phi involv breach may includ name date birth social secur number clinic inform diagnos condit follow breach ce updat contract languag busi associ contractor includ data secur requir addit physic control well selfassess tool monitor plan ce ad provis requir contract provid provid proof annual complet selfassess tool verif encrypt softwar use ocr provid technic assist secur rule requir obtain assur breach notif provid accord breach notif rule requir
## [1345] n
## [1346] oregon health scienc univers ohsu agre settl potenti violat health insur portabl account act hipaa privaci secur rule follow investig us depart health human servic offic civil right ocr found widespread divers problem ohsu will address comprehens threeyear correct action plan settlement includ monetari payment ohsu depart ocr’ investig began ohsu submit multipl breach report affect thousand individu includ two report involv unencrypt laptop anoth larg breach involv stolen unencrypt thumb drive incid garner signific local nation press coverag ocr’ investig uncov evid widespread vulner within ohsu’ hipaa complianc program includ storag electron protect health inform ephi individu cloudbas server without busi associ agreement ocr found signific risk harm individu due sensit natur diagnos ohsu perform risk analys ocr’ investig found analys cover ephi ohsu’ enterpris requir secur rule analys identifi vulner risk ephi locat mani area organ ohsu act time manner implement measur address document risk vulner reason appropri level ohsu also lack polici procedur prevent detect contain correct secur violat fail implement mechan encrypt decrypt ephi equival altern measur ephi maintain workstat despit identifi lack encrypt risk “ wellpublic larg scale breach find risk analys ohsu everi opportun address secur manag process insuffici furthermor ohsu address lack busi associ agreement allow vendor store ephi” said ocr director jocelyn samuel “ settlement underscor import leadership engag critic csuit take hipaa complianc seriously” ohsu larg public academ health center research univers center portland oregon compris two hospit multipl general specialti clinic throughout portland throughout state oregon
## [1347] n
## [1348] n
## [1349] univers mississippi medic center ummc agre settl multipl alleg violat health insur portabl account act hipaa us depart health human servic offic civil right ocr ocr’ investig ummc trigger breach unsecur electron protect health inform “ephi” affect approxim individu investig ocr determin ummc awar risk vulner system far back april yet signific risk manag activ occur breach due larg organiz defici insuffici institut oversight ummc will pay resolut amount adopt correct action plan help assur futur complianc hipaa privaci secur breach notif rule “ addit identifi risk vulner ephi entiti must also implement reason appropri safeguard address within appropri time frame” said ocr director jocelyn samuel “ ocr remain particular concern unaddress risk may lead impermiss access ephi” march ocr notifi breach ummc’ privaci offic discov passwordprotect laptop miss ummc’ medic intens care unit micu ummc investig conclud like stolen visitor micu inquir borrow one laptop ocr’ investig reveal ephi store ummc network drive vulner unauthor access via ummc’ wireless network user access activ directori contain file enter generic usernam password directori includ file contain ephi estim patient date back ocr’ investig reveal ummc fail •implement polici procedur prevent detect contain correct secur violat •implement physic safeguard workstat access ephi restrict access author user •assign uniqu user name andor number identifi track user ident inform system contain ephi •notifi individu whose unsecur ephi reason believ access acquir use disclos result breach univers mississippi state’ sole public academ health scienc center educ research function addit provid patient care four special hospit jackson campus clinic throughout jackson state design health care compon ummc includ univers hospit site breach case locat main ummc campus jackson
## [1350] n
## [1351] march cover entiti ce m c children’ clinic report breach hacker infect network encrypt patients’ electron medic record hacker contact ce demand money return allow access patients’ record breach involv clinic financi demograph inform individu ce provid breach notif hhs affect individu media follow incid ce improv safeguard ad enhanc firewal antivirus softwar also close electron access port revis data backup recoveryrestor plan addit ce train staff privaci secur ocr provid technic assist ce requir conduct thorough assess potenti risk vulner ephi
## [1352] n
## [1353] n
## [1354] novemb octob employe cover entity’ ce busi associ ba connext improp access protect health inform phi ces medicar member employe may disclos social secur number third parti breach affect approxim indiana member phi involv breach includ demograph inform social secur number ce provid breach notif hhs affect individu media post substitut notic websit follow breach ba complet secur risk assess phase call center atfault employe work engag independ extern audit ocr review ba agreement place ce ba obtain assur ce ba implement correct action matter addit involv individual’ employ termin
## [1355] unknown individu hack cover entity’ ce server contain electron protect health inform ephi approxim individu ephi involv breach includ name address date birth social secur number payment inform treatment inform ce provid breach notif hhs affect individu media follow breach ce improv safeguard instal new firewal filter technolog addit ocr’ investig result ce retrain employe
## [1356] januari employee’ unencrypt laptop own cover entiti ce unit homecar servic inc stolen lock vehicl laptop contain demograph data includ name date birth address social secur number well clinic health insur inform affect patient ce client subsidiari unit home care servic southwest florida llc ce provid breach notif hhs affect individu media post substitut notic websit respons breach ce encrypt portabl devic provid special train workforc ocr obtain assur ce implement correct action list employe fault suspend without pay day resign short thereaft
## [1357] n
## [1358] n
## [1359] employe cover entity’ busi associ ba lost portabl thumb drive contain electron protect health inform ephi individu ephi includ demograph inform medicaid identif number prescript inform cover entiti ce utah depart health provid breach notif hhs affect individu media ce took correct action mitig situat implement new agreement ba includ addit secur measur result ocr’ investig ocr obtain assur correct action list complet ocr open separ investig ba
## [1360] n
## [1361] n
## [1362] spreadsheet contain protect health inform phi individu stolen one cover entiti ce locat phi involv breach includ name date birth follow breach ce notifi local polic provid breach notif hhs media affect individu offer ident protect servic individu ce attempt retriev phi result ocr investig ce review polici prevent similar incid occur futur
## [1363] n
## [1364] prime therapeut busi associ ba pharmaci benefit manag cover entiti ce ultra store inc’ health plan electron submit file contain elig inform plan member illinoi depart healthcar famili servic idhf requir law medicaid subrog due system error file generat process electron protect health inform ephi least plan member resid illinoi also includ file ephi mail includ full name social secur number date birth home address investig ocr learn signet jewel acquir ultra consequ ultra’ health plan longer exist addit sterl jewel sterl busi unit signet inform ocr believ ultra erron report septemb incid ocr prime conduct risk assess determin incid breach file issu access view anyon idhf ocr obtain review document indic respons incid ba obtain confirm idhf destroy file disclos file ba also correct system error implement chang file generat process prevent error recur
## [1365] cover entiti ce busi associ ba health plus amerigroup mail unencrypt compact disk contain electron protect health inform ephi individu ce brookdal univers hospit medic center ocr close breach report consolid exist breach report file ohp phsp inc regard issu
## [1366] ocr open investig cover entiti ce brookdal univers hospit medic center report busi associ ba standard regist inadvert mail statement individu use anoth affili ces envelop protect health inform phi includ name address financi inform ocr provid technic assist ce regard safeguard phi
## [1367] n
## [1368] n
## [1369] n
## [1370] n
## [1371] ocr open investig cover entiti ce stronghold counsel servic report desktop comput miss facil comput contain protect health inform phi appoint client insur payment demograph includ social secur number well client letter report breach affect individu ce provid breach notif hhs affect individu media follow breach ce revis procedur encrypt implement risk analysisrisk manag process ocr provid technic assist ce regard risk analysi risk manag requir secur rule requir breach notif rule
## [1372] NA
## [1373] vendor onetouchpoint cci incorrect print mail identif card busi associ ba dentaquest florida type protect health inform phi involv breach includ name identif number date coverag cover entiti ce provid breach notif hhs affect individu media follow incid ce reprogram softwar compar name address conduct qualiti assur test ensur accuraci ba reissu identif card provid selfaddress stamp envelop request member return previous sent card ocr review copi ce’ polici procedur relat incid
## [1374] decemb dawson polic depart notifi cover entiti ce terrel counti health depart employe suspect ident theft least two ce’ patient patient employe access record employ potenti affect total individu protect health inform phi involv breach includ demograph clinic financi health insur inform ce provid breach notif hhs affect individu media ce termin offend employe reeduc workforc hipaa polici ce also improv hipaa train materi risk analysi procedur oper softwar audit method ocr obtain assur correct action taken
## [1375] laptop comput stolen cover entiti ce abq health partner laptop contain electron protect health inform ephi approxim patient although ce unabl conclus determin patients’ name still laptop ephi involv breach includ name date birth age sex refer physicians’ name raw numer test data less individu follow breach ce encrypt ephi store laptop tablet comput result ocr’ investig ce obtain inform outdat system held ephi addit ce provid ocr copi secur polici ce focus complianc hipaa secur rule hitech act requir
## [1376] n
## [1377] n
## [1378] backup tape contain protect health inform phi individu stolen cover entiti ce kindr transit care rehabilit – marlborough theft safe tape store type phi involv breach includ patients’ name diagnos social secur number medic medicar number ce provid breach notif hhs affect individu media follow breach ce revis process encrypt backup tape addit result ocr’ investig ce stop use tape backup inform individu site
## [1379] feder law enforc notifi feder law enforc cover entiti ce jackson health system march volunt jackson north medic center photograph paper document contain protect health inform phi patient alleg use ident theft scheme type phi involv breach includ patients’ name social secur number address birthdat ce provid breach notif hhs affect individu media post substitut notic websit also offer one year free credit monitor respons incid ce revis hipaa polici procedur ce updat volunt program prohibit use smartphon patient care area requir volunt agre write conform privaci polici procedur provid nurs staff list volunteers’ permit job duti ce also chang leadership volunt program increas supervis volunt ocr obtain assur ce implement correct action list
## [1380] n
## [1381] n
## [1382] three laptop comput stolen rockvill md offic cover entiti ce center pain manag laptop unencrypt two devic contain electron protect health inform ephi individu ce retain ident forc firm special provid mitig servic case secur breach ident forc mail notif letter affect individu provid ident theft insur credit monitor servic one year ce also post breach notif websit notifi media ce engag servic inform technolog firm updat devic comput network ocr obtain assur correct action list complet
## [1383] n
## [1384] laptop cover entiti ce intervent servic stolen workforc member’ vehicl electron protect health inform ephi laptop includ patient name date birth medicaid number name patients’ fund sourc approxim individu upon discov breach ce file polic report ce provid breach notif hhs affect individu media ce improv physic secur sanction involv workforc member retrain staff ocr obtain assur ce implement correct action list
## [1385] februari back door cover entity’ ce facil pri open unencrypt desktop comput stolen due theft protect health inform phi individu potenti expos includ name date birth social secur number ce provid time breach notif hhs affect individu media post substitut notic lobbi facil respons breach ce replac back door upgrad secur system instal camera ce updat bill softwar octob ce sold effect ceas oper ocr obtain assur ce implement correct action list
## [1386] octob employe lifega busi associ ba cover entiti ce american home patient inc lost misplac unencrypt laptop comput contain electron protect health inform ephi ce’ client across state ephi store laptop includ patients’ name address indic show patient receiv oxygen suppli ce determin thumb drive misplac incid contain phi ce conduct intern investig provid breach notif hhs affect individu addit ce negoti new agreement ba includ stringent provis regard timefram allow futur breach notif ocr obtain assur ce complet correct action list
## [1387] comput stolen cover entity’ ce lock medic offic comput contain protect health inform phi approxim individu phi involv breach includ name address date birth social secur number clinician inform follow breach ce encrypt phi transit well rest upgrad facil access control updat devic inventori system addit ocr’ investig result ce creat accept risk analysi risk manag plan entiti also contract third parti overhaul privaci secur polici procedur
## [1388] n
## [1389] n
## [1390] cover entiti ce western wisconsin medic associ discov summer employe clean servic use river fall medic clinic “clinic” stole paperbas protect health inform phi approxim individu store unsecur bin pickup shred compani phi involv breach includ patients’ name least one follow affect patient date birth insur account number address phone number social secur number medic number ce provid breach notif hhs media affect individu ce arrang provis secur bin clinic staff may dispos paper phi develop new polici procedur relat dispos phi retrain relev workforc member newli implement polici procedur
## [1391] n
## [1392] cover entiti ce stanford school medicin som stanford children hospit schformer lucil packard children hospit report januari som workforc member passwordprotect laptop stolen workforc member’ vehicl ce report electron protect health inform ephi store laptop unencrypt ephi approxim individu may affect incid ephi includ demograph clinic inform relat sch patient care som research follow incid ce contact law enforc notifi affect individu offer ident protect servic affect individu establish call center assist affect individu question concern submit notif media hhs ce report evid unauthor access ephi store laptop result breach ocr’ correspond investig ce sanction workforc member violat hipaa polici retrain workforc member data secur polici sch implement enhanc administr technic safeguard ensur secur email communic ce also initi plan implement improv risk manag process
## [1393] cover entity’ ce busi associ ba blue cross blue shield mail month premium notic invoic contain protect health inform phi individu never receiv ce phi includ name member identif number social secur number upon discoveri breach ba contact us post offic regard undeliv mail ce provid breach notif hhs ba notifi affect individu ba revis invoic procedur assur remov social secur number member identif number send invoic via secur email breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict ba’ use disclosur phi requir ba safeguard phi
## [1394] n
## [1395] cover entiti ce wayn memori hospit lost unencrypt compact disk cd contain electron protect health inform ephi approxim individu us mail type ephi involv breach includ patients’ name account balanc medicar number contain social secur number ce provid breach notif hhs affect individu media follow breach ce attempt locat cd ce also encrypt cd contain similar data use purpos result ocr’ investig ce retrain employe evalu ephi maintain comput recent risk analysi
## [1396] ocr open investig cover entiti ce riderwood senior live communiti report five laptop comput four unencrypt contain electron protect health inform ephi individu stolen facil physic therapi depart ephi includ name date birth address health plan id number discuss therapi treatment upon discov breach ce file polic report mail individu notic breach current former riderwood resid affect health plan member issu press releas seven media outlet post substitut notic websit day report breach hhs follow breach ce encrypt laptop revis secur procedur retrain employe ocr obtain written assur ce implement correct action list well new secur polici procedur ensur adequ safeguard ephi
## [1397] NA
## [1398] n
## [1399] ocr open investig cover entiti ce report unencrypt laptop stolen contain electron protect health inform ephi individu ephi includ name address zip code date birth social secur number claim inform diagnosi code upon discoveri breach ce file polic report recov stolen item result ocr investig ce encrypt backup drive content laptop comput ce also train staff use encrypt safeguard data person comput mobil devic
## [1400] n
## [1401] n
## [1402] n
## [1403] letter prospect new member cover entiti ce silverscript insur compani part d plan misdirect incorrect address silverscript whollyown subsidiari cvs health former cvs caremark ce report root caus incid elig data file receiv northgat arinso third parti vendor energi futur hold inaccur data file contain multipl incorrect address result protect health inform phi disclos member letter contain members’ name address identif number group number inform member inform taken pharmaci use process pharmaci claim ce provid breach notif hhs affect individu media follow breach cvs health implement addit qualiti control measur verifi inform receiv third parti ocr obtain review document regard implement addit qualiti control measur
## [1404] due malfunct process benefit confirm statement employe inform comingl statement mail wrong employe depend breach includ protect health inform phi individu phi involv breach includ name social secur number cover entiti ce dimens healthcar system provid breach notif hhs affect individu media follow breach ce revis correspond handl procedur result ocr’ investig ce review busi associ ba relationship ensur appropri ba agreement place
## [1405] n
## [1406] n
## [1407] n
## [1408] ocr open investig cover entiti ce group health insur report postcard remind sent subscrib protect health inform phi involv includ social secur number within seri number inscrib outsid postcard ce provid breach notif hhs media affect individu post substitut notic websit upon discoveri breach ce suspend mail order verifi subscrib inform ensur pend complet project contain social secur number result ocr investig ce modifi mail procedur prevent similar disclosur recur futur retrain staff modifi mail procedur ce provid affect individu free one year subscript credit monitor
## [1409] n
## [1410] electron medic dispens devic stolen lock car omnicel employe omnicel busi associ ba cover entiti ce sentara protect health inform involv breach includ patient name birth date patient number medic record number clinic inform ces patient breach notif provid hhs media affect individu ba repres ce recent complet risk analysi contain detail implement administr physic technic safeguard ba inform ce place secur awar train program provid inform regard educ workforc member result ocr investig ocr obtain execut summari bas risk analysi copi ces recent risk analysi breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1411] n
## [1412] employe subcontractor cover entiti ce busi associ ba respond telephon phish attack permit hacker remot access laptop comput subcontractor violat subcontractor bas polici laptop contain protect health inform phi individu includ name date birth diagnosi code diagnosi code descript social secur number treatment descript ce ba provid breach notif hhs affect individu media provid substitut notic ba also offer year credit monitor affect respons incid subcontractor improv safeguard initi laptop audit ensur phi store retrain employe appli employe sanction termin employe fail follow polici ocr obtain assur correct action list complet
## [1413] ocr open investig cover entiti ce sovereign medic group llc report data file corrupt inaccess network server ce receiv ransom note hacker advis paid specifi amount ce regain access file breach affect individu type electron protect health inform ephi includ demograph inform social secur number driver’ licens number insur inform date servic claim inform diagnos procedur code upon discov breach ce file report polic depart counti prosecutor’ offic feder bureau investig ce provid breach notif hhs affect individu media offer one year free credit monitor servic affect individu result breach ce close inbound communic port contamin server deploy webfilt mechan scan monitor outbound traffic disabl wireless network ocr provid ce technic assist regard hipaa secur rule
## [1414] laptop comput contain electron protect health inform ephi individu stolen home one cover entity’ ce employee’ burglari ephi includ name address telephon number social secur number medic record number plan beneficiari number clinic inform ce gibson general hospit provid breach notif hhs affect individu media well substitut notic follow breach ce offer one year free credit monitor servic affect individu ce also improv safeguard encrypt laptop comput result ocr’ investig ce implement new secur polici procedur relat safeguard ephi
## [1415] n
## [1416] cover entiti ce california depart health care servic report member identif card mail wrong household due comput program error electron file multipl beneficiari live household card beneficiari sent wrong household type protect health inform phi card includ name date birth gender date issu medicalassign number ce provid breach notif hhs affect individu media follow breach ce put immedi hold addit mail conduct qualiti assur check ce deactiv card mail wrong address request return deactiv card issu replac ce implement new intern data transfer polici updat relat procedur also institut new process mail ocr obtain assur ce implement correct action list
## [1417] n
## [1418] cours investig incid ocr learn report entiti cover entiti
## [1419] n
## [1420] cover entiti ce health advantag mail person health statement approxim plan members’ previous address due intern program error incid affect addit patient address separ breach report cover entiti contract cover entiti bcbs arkansa state arkansa depart financ administr employe benefit divis health plan baptist health system’ health plan protect health inform phi involv breach includ patients’ demograph inform health insur identif number descript treatment servic receiv name treat facil provid ce provid breach notif hhs affect individu media follow breach ce correct program error purg outdat inform system implement new qualiti control procedur mail result ocr’ investig health advantag also revis enter multipl busi associ agreement
## [1421] n
## [1422] NA
## [1423] NA
## [1424] NA
## [1425] n
## [1426] ocr open investig cover entiti ce coastal behavior healthcar inc report four page contain protect health inform phi recov local law enforc motor vehicl traffic stop ce indic four page like part larger report may contain phi individu phi involv breach includ name social secur number date birth identifi ce provid breach notif affect individu hhs media follow breach ce hire cybersecur firm perform network audit conduct secur risk assess ce also improv safeguard restrict physic access inform technolog depart implement new electron health record system disabl abil print report databas contain data similar report subject breach ocr obtain assur ce implement correct action list
## [1427] cover entiti ce carolina’ medic center discov physician respond phish email provid password third parti caus physician’ email forward third parti forward email includ protect health inform phi regard individu phi email includ name date birth medic treatment inform social secur number patient date servic address name provid admissiondischarg disposit date intern medic record account number follow breach ce improv administr technic safeguard termin autoforward capabl implement alert remot system access origin foreign countri ce also train employe identifi social engin scheme ocr obtain assur correct action taken
## [1428] n
## [1429] n
## [1430] n
## [1431] NA
## [1432] n
## [1433] n
## [1434] na
## [1435] n
## [1436] around june employe cover entiti ce advanc data process inc adp dba intermedix access patients’ protect health inform phi part job inappropri access phi approxim individu sold inform third parti addendum initi breach report submit april expand breach addit individu phi involv breach includ patient name social secur number address date birth claim financi inform ce provid breach notif hhs affect individu media post substitut notic follow breach ce engag third parti review network environ make recommend secur enhanc implement data loss prevent technolog identifi electron phi block transmitt sensit inform log manag analysi solut autom collect analysi archiv recoveri log data ce implement polici procedur dispos reus mobil devic well secur transport sensit inform data center ce also creat inform secur team appoint committe address complianc addit ce improv employe train program launch vendor manag program ensur safeguard ephi busi associ ocr obtain assur ce implement correct action list ce also initi upgrad data center secur workstat antivirus technolog
## [1437] n
## [1438] cover entity’ ce lock storag unit broken hard copi patients’ medic record stolen type protect health inform phi record includ patients’ full name social secur number home address telephon number dental chart insur inform payment inform ce provid breach notif hhs affect individu media follow breach ce repair door storag unit ad profession lock destroy outdat patient record ce retrain staff deploy new practic manag softwar storag electron patient record transfer storag paper record onsit ocr obtain assur ce implement correct action list
## [1439] n
## [1440] n
## [1441] juli cover entiti ce el centro region medic center learn busi associ ba digit archiv manag abandon ce’ hard copi “jackets” radiolog film xray radiolog report lock el centro facil instead digit destroy record accord busi associ agreement ce recov jacket radiolog report march ce learn fbi miss radiolog film hard copi paper document discov abandon commerci facil nevada breach involv protect health inform phi approxim individu includ demograph inform includ name date birth clinic inform includ diagnos condit ce provid breach notif hhs affect individu media follow breach ce sanction certain employe review updat hipaa polici procedur implement secur measur reduc risk vulner phi ephi breach incid involv ba occur prior septemb complianc deadlin ocr verifi ce proper ba agreement place restrict ba’ use disclosur phi requir ba safeguard phi ocr also review ce’ polici procedur risk analysi risk manag plan incid report
## [1442] n
## [1443] n
## [1444] two laptop comput contain protect health inform phi approxim individu stolen breakin offic cover entiti ce origin medicin acupunctur well ce provid breach notif hhs affect individu media follow incid ce upgrad secur system reduc number comput maintain phi ocr review copi ce’ relev hipaa polici procedur
## [1445] n
## [1446] n
## [1447] septemb employe lost unsecur flash drive contain electron protect health inform ephi individu type ephi involv breach includ financi demograph clinic inform hospit provid breach notif hhs affect individu media follow discoveri incid hospit revis hipaa polici implement encrypt solut media storag devic retrain involv employe ocr obtain assur ce implement correct action list
## [1448] three secondari backup portabl hard drive maintain cover entiti ce maryvill academi remov lock room use secur area maintain secondari backup copi electron record ce’ servic program drive contain electron protect health inform ephi approxim individu includ patients’ name date birth telephon number social secur number address diagnosiscondit financi claim inform medic lab result treatment inform ce provid breach notif hhs affect individu media post notif breach websit ce also offer one year free credit monitor servic affect individu follow breach ce revis hipaa polici procedur encrypt backup portabl hard drive portabl electron devic also updat practic regard physic storag backup portabl hard drive includ use third parti offsit vendor contract third parti vendor long term offsit archiv storag train workforc revis newli implement polici procedur ocr obtain document evidenc ce implement correct action list
## [1449] n
## [1450] care new england health system cne behalf cover entiti common ownership control agre settl potenti violat health insur portabl account act hipaa privaci secur rule settlement includ monetari payment comprehens correct action plan cne provid central corpor support subsidiari affili cover entiti includ number hospit health care provid massachusett rhode island function includ limit financ human resourc inform servic technic support insur complianc administr function novemb us depart health human servic offic civil right ocr receiv notif woman infant hospit rhode island wih cover entiti member cne loss unencrypt backup tape contain ultrasound studi approxim individu includ patient name data birth date exam physician name instanc social secur number wih’ busi associ cne provid central corpor support includ technic support inform secur wih’ inform system wih provid ocr busi associ agreement care new england health system effect march updat august result ocr’ investig therefor incorpor revis requir hipaa omnibus final rule ocr’ investig found follow • septemb august wih disclos protect health inform phi allow busi associ cne creat receiv maintain transmit phi behalf without obtain satisfactori assur requir hipaa wih fail renew modifi exist written busi associ agreement cne includ applic implement specif requir hipaa privaci secur rule • septemb august wih impermiss disclos phi least individu busi associ wih provid cne access phi without obtain satisfactori assur form written busi associ agreement cne appropri safeguard phi “ case illustr vital import review updat necessari busi associ agreement especi light requir revis omnibus final rule said ocr director jocelyn samuel “ omnibus final rule outlin necessari chang establish busi associ agreement new requir includ provis report sampl busi associ agreement can found ocr’ websit assist cover entiti compli requirement” respect under breach juli wih enter consent judgment massachusett attorney general’ offic ago reach settlement ocr found consent judgment suffici cover conduct breach includ failur implement appropri safeguard relat handl phi contain backup tape failur provid time notif affect individu ago’ action legal preclud ocr impos civil money penalti ocr determin includ addit potenti violat case purpos settlement given potenti violat alreadi address ago base ocr’ polici approach concurr case state ago resolut agreement correct action plan may found ocr websit athttpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementswih
## [1451] louisiana state polic fbi notifi cover entiti ce former employe involv identifi theft affect protect health inform phi ce’ patient approxim patients’ phi involv breach howev ce’ investig conclud dept public safeti correct investig patient affect phi involv breach includ name address social secur number ce provid breach notif hhs media patient whose name includ busi associate’ ba inform system prevent similar breach happen futur ba review system assur ce ocr system design compli regul hipaa result ocr’ investig ce provid ocr copi hipaa polici procedur
## [1452] case consolid anoth review cover entiti
## [1453] unencrypt password protect laptop comput stolen car employe medic resid cover entiti ce laptop contain electron protect health inform ephi approxim individu type ephi breach includ name medic record number birth date diagnosi code social secur number ce provid breach notif hhs affect individu media follow breach ce audit employee’ depart equip retrain involv employe staff updat hipaa polici procedur encrypt laptop comput ocr obtain written assur ce implement correct action list
## [1454] octob unencrypt laptop comput contain protect health inform phi individu disabl serv cover entiti ce union counti board development disabl stolen servic consultant’ car laptop contain name date birth social secur number medicaremedicaid number address behavior plan diagnos guardianship inform phone number email address parents’ name date elig case note third parti insur inform current live arrang ce provid breach notif hhs affect individu media ce also report theft proper author later recov laptop follow breach ce encrypt laptop retrain staff result ocr’ investig ce implement written hipaa polici procedur includ use disclosur safeguard phi electron phi breach notif polici procedur ce provid document substanti action taken
## [1455] henri ford health system cover entiti ce report breach occur septemb januari august octob ocr consolid breach one investig breach contain similar issu breach involv employe fail follow ce’ polici procedur septemb breach affect individu occur laptop comput stolen offic left unlock employe approxim four hour employe attend meet januari breach affect individu occur employe lost person portabl electron devic “flash” drive contain protect health inform phi august breach affect individu occur unencrypt desktop comput stolen lab secur access workforc member desktop comput purchas direct depart instead ce’ establish comput purchas procedur octob breach affect individu occur physician lost flash drive physician fail adher ce’ polici mandat use ce’ issu flash drive padlock phi involv breach includ clinic demograph inform ce provid breach notif affect individu media hhs resolv issu rais matter ce took follow voluntari action sanction employe involv breach depend sever employees’ noncompli follow septemb breach implement encrypt process purchas addit encrypt licens march implement program receiv use encrypt flash drive ocr obtain document assur ce implement correct action note ocr provid substanti technic assist ce secur rule’ risk analysi requir ce provid follow written assur ocr will creat robust asset manag program next month provid document program ocr complet enterpris data map asset inventori decemb submit fulli execut copi busi associ agreement baa ocr upon signatur master servic agreement msa statement work sow data map servic vendor chosen
## [1456] n
## [1457] unencrypt thumb drive contain electron protect health inform ephi individu stolen employe cover entiti ce busi associ ba quanterion solut inc ephi includ name address date birth driver licens number social secur number claim inform clinic inform diagnosiscondit lab result treatment inform medic upon discoveri breach ce surgic associ utica pc file polic report employe arrest ce provid breach notif hhs media affect individu provid credit monitor servic individu result ocr investig ce execut ba agreement
## [1458] cover entiti ce report unauthor remot access one desktop comput contain protect health inform phi peopl ce later determin comput store phi individu phi involv includ name address date birth social secur number follow breach ce updat secur polici procedur encrypt comput updat password retrain employe ocr provid technic assist
## [1459] n
## [1460] n
## [1461] web descript case duplic duplic post webpag summari
## [1462] juli cover entiti ce report paper document contain protect health inform phi stolen employe lock car park front employee’ home document includ name member identif number birthdat group number group name diagnost inform individu resid texa new mexico follow breach ce counsel employe respons breach revis polici procedur safeguard sent email staff remind import safeguard phi possess time ocr obtain document evidenc ce implement correct action list
## [1463] n
## [1464] may august two employe cover entiti ce first step counsel inc made photocopi document contain patient protect health inform phi disclos document attorney phi includ name insur number diagnosi inform date birth telephon number social secur number upon discoveri breach ce hire attorney seek immedi return photocopi contain ces patient phi ce provid breach notif hhs affect individu media result ocr investig ce transfer electron bill system password protect addit ce improv safeguard patient file lock unlock offic manag front desk protect window patient allow stand besid receptionist desk ocr obtain assur ce implement correct action list
## [1465] cover entiti ce la care health plan report accident mail error caus member identif id card mail wrong address annual member mail process mail error potenti affect individu includ name date birth address zip code ce provid breach notif hhs affect individu media follow breach ce edit case number address verif process print mail job vendor ce revis polici procedur exclud id card annual member mail result ocr’ investig provid technic assist regard cover entity’ oblig conduct accur thorough risk analysi implement secur measur suffici reduc risk vulner identifi analysi
## [1466] n
## [1467] comput contain electron protect health inform ephi patient stolen cover entiti ce coastal home respiratori burglari ephi includ name address phone number insur identif number social secur number diagnos comput password protect data encod ce prompt notifi law enforc provid breach notif affect individu hhs media follow breach ce cancel access password patient data chang patient data softwar server base system password protect encrypt ces bill softwar vendor chang ces account number prevent unauthor access ephi ce improv physic safeguard instal new alarm system follow ocr investig ce also improv safeguard phi implement new procedur activ report audit log secur report
## [1468] n
## [1469] cover entiti ce blount memori hospit report laptop comput contain electron protect health inform ephi individu stolen workforc member home ephi involv breach includ demograph financi inform ce provid breach notif affect individu hhs media follow breach ce review privaci secur polici procedur encrypt laptop improv hipaa train result ocr investig ocr provid technic assist regard ces secur incid procedur risk manag plan ocr also review ces hipaa polici procedur creat revis respons breach
## [1470] two former employe cover entiti ce took list patient inform competitor’ offic list contain name date birth address phone number patients—everi activ inact patient treat ce ce ceas oper octob eventu file voluntari dissolut florida secretari state effect juli ocr obtain assur ce longer busi
## [1471] cover entiti ce offic alexand j tikhtman md lost unencrypt flash drive contain electron protect health inform ephi individu flash drive recov ephi includ patient name treatment diagnost inform instanc date birth social secur number ce provid breach notif affect individu hhs media also establish dedic call center question relat breach offer free credit monitor ident theft servic individu whose social secur number breach ce updat privaci secur polici procedur relat use storag transmiss phi ocr obtain assur ce complet correct action list
## [1472] n
## [1473] n
## [1474] employee’ email account generat spam email may caus unintent releas protect health inform phi held kentucki cabinet health famili servic cfhs depart communiti base servic cover entiti ce ce provid breach notif hhs affect individu media post copi press releas chfs websit tollfre number result ocr’ investig ce requir workforc member sign agreement ensur understand role safeguard phi includ safeguard phish attack ce creat secur video new hire requir view use retrain current staff addit ocr obtain ce’ hipaa polici procedur compli requir privaci secur rule well breach notif rule
## [1475] n
## [1476] NA
## [1477] feinstein institut medic research feinstein agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr feinstein will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun research institut subject hipaa must held complianc standard hipaacov entities” said ocr director jocelyn samuel “ individu trust research process patient trust institut must assur inform kept privat secure” feinstein biomed research institut organ new york notforprofit corpor sponsor northwel health inc former known north shore long island jewish health system larg health system headquart manhasset new york compris twenti one hospit patient facil physician practic receiv breach notif feinstein involv unsecur electron protect health inform ephi ocr initi investig ascertain entity’ complianc hipaa rule ocr’ investig indic follow occur • feinstein impermiss disclos ephi individu feinsteinown laptop comput contain ephi left unsecur back seat employee’ car • feinstein fail conduct accur thorough risk analysi potenti risk vulner confidenti integr avail ephi held feinstein includ ephi aforement laptop comput • feinstein fail implement polici procedur grant access ephi workforc member • feinstein fail implement physic safeguard laptop contain ephi restrict access unauthor user • feinstein fail implement polici procedur govern receipt remov hardwar electron media contain ephi facil movement item within facil • feinstein fail implement mechan encrypt ephi altern document encrypt reason appropri implement equival altern measur encrypt safeguard ephi settlement requir feinstein establish comprehens complianc program design protect secur confidenti integr ephi includ • risk analysi risk manag plan • process evalu address environment oper chang affect secur ephi hold • polici procedur facilit complianc requir hipaa rule • train program cover requir privaci secur breach notif rule intend use member workforc
## [1478] ocr open investig cover entiti ce bhcare inc report laptop comput unencrypt backup tape contain electron protect health inform ephi individu stolen workforc member vehicl ephi includ name date birth social secur number health insur number patient assess diagnosi inform upon discov breach ce file polic report connecticut state polic ce provid breach notif affect individu hhs media post substitut notic websit ce offer one year free credit monitor servic affect individu result ocr investig ce complet risk analysi risk manag plan retrain employe implement new secur polici procedur ensur adequ safeguard ephi
## [1479] n
## [1480] cover entity’ ce backup hard drive stolen physician’ car along camera prescript pad item thrown asid except hard drive phi involv breach consist main name clinic note individu date birth involv instanc photo patients’ hand also involv follow breach ce file polic report result ocr’ investig ce updat hipaa polici retrain staff level contract third parti provid record storag servic encrypt
## [1481] anomal activ occur singl comput server util support clinic trial program cover entiti ce univers new mexico cancer center univers new mexico compon univers new mexico health scienc center electron protect health inform ephi includ name address date birth phone number patient identif number andor social secur number approxim individu upon discov breach ce follow investig procedur ce provid breach notif hhs affect individu media ce improv physic secur retrain staff ocr obtain assur ce implement correct action list
## [1482] two employe cover entiti ce univers miami hospit print patients’ face sheet excess job duti sold period month activ discov polic unrel hous raid follow notif polic ce conduct intern investig determin breach potenti involv protect health inform phi individu phi involv breach includ demograph clinic inform ce provid breach notif hhs affect individu media also appli sanction involv employe follow breach ce dissemin educ materi workforc review hipaa polici procedur also deploy program monitor electron system safeguard inappropri use ocr obtain assur ce took correct action list ce also confirm plan continu perform frequent access review period audit trail review creat retain audit log routin analysi
## [1483] n
## [1484] n
## [1485] n
## [1486] hipaa settlement emphas import risk analysi devic media control polici cancer care group pc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic hhs offic civil right ocr cancer care paid will adopt robust correct action plan correct defici hipaa complianc program cancer care group radiat oncolog privat physician practic radiat oncologist serv hospit clinic throughout indiana august ocr receiv notif cancer care regard breach unsecur electron protect health inform ephi laptop bag stolen employee’ car bag contain employee’ comput unencrypt backup media contain name address date birth social secur number insur inform clinic inform approxim current former cancer care patient ocr’ subsequ investig found prior breach cancer care widespread noncompli hipaa secur rule conduct enterprisewid risk analysi breach occur juli cancer care place written polici specif remov hardwar electron media contain ephi facil even though common practic within organ ocr found two issu particular contribut breach enterprisewid risk analysi identifi remov unencrypt backup media area signific risk cancer care’ ephi comprehens devic media control polici provid employe direct regard respons remov devic contain ephi facil “organ must complet comprehens risk analysi establish strong polici procedur protect patients’ health information” said ocr director jocelyn samuel “ proper encrypt mobil devic electron media reduc likelihood breach protect health information” cancer care taken correct action regard specif requir privaci secur rule core enforc action well action come complianc provis hipaa rule resolut agreement correct action plan cap can found ocr websit httpwwwhhsgovocrprivacyhipaaenforcementexamplescancercarehtml hhs offer guidanc organ can conduct hipaa risk analysi httpwwwhealthitgovprovidersprofessionalssecurityriskassess learn nondiscrimin health inform privaci law civil right privaci right health care human servic set find inform file complaint visit us httpwwwhhsgovocroffic
## [1487] n
## [1488] n
## [1489] n
## [1490] employe person laptop comput contain unencrypt electron protect health inform ephi individu stolen vehicl ephi involv breach includ consum name identif number diagnosi code base servic unit number servic start end date servic name procedur code servic locat identifi unit author unit util unit cost total author amount total util amount author date fund sourc provid name master provid index number ce time notifi affect individu media hhs offer assist consum wish place fraud alert consum credit file follow breach ce creat implement new polici procedur improv safeguard polici prohibit download phi home comput portabl devic prohibit forward email contain phi person account cloud servic unauthor user requir fulldisk encrypt agenc laptop ocr obtain assur ce implement correct action list
## [1491] n
## [1492] august cover entiti ce apria healthcar inc report unencrypt laptop comput stolen workforc member’ lock vehicl laptop contain electron protect health inform ephi individu phi involv breach includ name address birth date social secur number isol instanc driver’ licens financi medic inform ce provid breach notif hhs affect individu media ce sanction workforc member encrypt laptop desktop comput retrain workforc member ocr obtain assur ce implement correct action note
## [1493] heartland patholog associ pa cover entiti ce discov past busi associ ba medic busi servic inc suffer breach employe download protect health inform phi portabl comput drive provid drive third parti breach affect individu includ patient name address telephon number social secur number date birth insur carrier insur polici number physician name diagnosi inform medic record number account number admiss discharg date gender ce delay provid breach notif due law enforc investig given approv ce time sent breach notif hhs affect individu media post substitut notif onlin ce contract florida hospit heartland medic center “hospital” annual hipaa train use comput maintain monitor hospital’ inform technolog depart ce receiv assur phi maintain ba destroy ocr obtain assur ce implement correct action list
## [1494] n
## [1495] n
## [1496] n
## [1497] cover entiti ce stanford health care shcformer stanford hospit clinic stanford school medicin som report juli passwordprotect comput stolen lock som workforc member offic electron protect health inform ephi approxim individu may affect incid ephi involv breach includ clinic demograph inform relat shc patient care som research ce report evid indic ephi inappropri access ce contact law enforc notifi affect individu offer ident protect servic cost affect individu establish tollfre call center assist affect individu question concern notif media hhs result breach ocr’ correspond investig ce implement addit physic safeguard audit sch desktop laptop ensur encrypt issu secur awar remind workforc initi plan implement improv risk manag process
## [1498] n
## [1499] NA
## [1500] n
## [1501] n
## [1502] n
## [1503] n
## [1504] n
## [1505] n
## [1506] n
## [1507] physician’ unencrypt person laptop comput use busi purpos stolen offic campus cover entiti ce beth israel deaco medic center laptop contain phi approxim individu includ short summari medic inform name social secur number two individu discov breach ce notifi polic hire independ forens firm ce provid breach notif hhs affect individu media ce also offer affect individu one year free credit monitor access dedic call center contact question regard incid result incid ce retrain staff enhanc data secur polici initi awar campaign educ alert workforc secur privaci issu ce improv technic safeguard encrypt disabl laptop ce counsel physician whose laptop stolen assur replac laptop secur desk encrypt ocr’ investig occur simultan massachusett attorney general’ offic ago investig incid pursuant inform share agreement ocr ago work collabor ensur correct action futur complianc ce
## [1508] n
## [1509] ce control access electron protect health inform ephi individu contain ce’ networkattach storag specif ce’ firewal set allow access port permit anyon outsid ce’ firewal access patient inform ephi involv breach includ name address email address date birth patient intak sheet invoic dental chart photo xray insur inform credit card number date birth social secur number ce provid breach notif hhs affect individu media follow breach ce close access unsecur port encrypt ephi upgrad oper system softwar workstat implement new firewal rule instal new server set automat softwar patch spywar remov deploy new virus spam filter ce also retrain employe implement extens polici procedur includ new backup procedur ephi ocr obtain assur correct action taken
## [1510] NA
## [1511] n
## [1512] n
## [1513] individu misrepres employe vendor contract cover entiti ce dispos xray film obtain access storag area contain film destroy stole approxim xray film ce ce strong believ film stolen due silver content rather patient inform protect health inform phi involv breach includ name address date birth medic record number account number xray type ce provid breach notif hhs media post substitut notic onlin follow breach ce examin polici procedur establish committe overse phi destruct process review physic secur campus issu email notic workforc member regard vendor secur ocr review ce’ polici procedur
## [1514] former employe cover entiti ce baylor health care system health texa provid network – cardiovascular consult north texa continu access appoint remind system near two month employ end former employe access protect health inform phi individu includ patients’ name phone number appoint time date reason appoint physicians’ name facil name ce provid breach notif hhs affect individu media follow breach ce termin former employee’ system access modifi access termin protocol sanction retrain involv staff result ocr’ investig ocr obtain assur correct action list complet
## [1515] n
## [1516] cover entiti ce dr bruce peller dmd pa discov april unauthor individu gain access patient protect health inform phi compil list inform ce determin individu may affect follow inform may access patient name legal guardian applic date birth address phone number email address treatment date intern identif number account balanc ce provid breach notif hhs affect individu media respons breach ce obtain injunct requir destruct return phi implement stronger train program workforc improv privaci secur polici ocr obtain assur ce implement correct action list
## [1517] laptop ipad portabl memori drive stolen offic dr karen kietzman cover entiti ce affect approxim individu electron protect health inform ephi contain devic includ patients’ demograph mental health inform ce provid breach notif hhs affect individu media result breach prevent recurr ce improv physic safeguard encrypt laptop stop store ephi electron media result ocr’ investig technic assist ce develop risk analysi risk manag plan develop polici procedur implement privaci secur breach notif rule
## [1518] april password protect laptop comput contain patient demograph inform auditori diagnost test data stolen offic hour back laboratori test room cover entiti ce wolf yun breach affect approxim individu electron protect health inform ephi laptop includ patients’ name address date birth raw auditori test data ce provid breach notif hhs affect individu media follow breach ce file polic report review polici procedur improv physic safeguard result ocr’ investig ce perform risk analysi instal secur router increas transmiss secur revis hipaa polici updat comput oper system creat formal incid respons report procedur retrain workforc
## [1519] may unencrypt laptop univers kentucki health care employe protect health inform phi approxim individu stolen workforc member’ son borrow laptop without permiss knew computer’ password phi involv breach includ medic record number date visit chief complaint cover entiti ce provid breach notif hhs media affect individu set tollfre number question post substitut notic websit respons workforc member suspend pend investig ultim resign ce creat revis hipaa polici procedur includ mobil devic polici implement addit secur measur address high moder risk identifi risk analysi final ce provid evid employe train secur remind ocr obtain assur correct action list complet
## [1520] n
## [1521] cover entiti ce staff member disclos unencrypt microsoft excel graph noncov entiti physician redisclos medic educ organ use present addit medic educ organ post present slide websit graph contain protect health inform phi individu includ name telephon number social secur number age citi state resid medic record number clinic inform upon discoveri breach ce ensur inform remov websit delet sanction workforc member respons retrain workforc use data loss prevent tool risk embed phi result ocr investig ce provid ocr evid technic safeguard secur awar initi provid assur implement correct action list
## [1522] n
## [1523] cover entiti ce metcar florida discov may facil broken tablet comput stolen tablet password protect encrypt contain follow type protect health inform phi patients’ name date birth patient identif number clinic inform theft affect individu ce provid breach notif hhs affect individu media post substitut notic websit respons breach ce encrypt portabl devic implement written polici requir physic safeguard portabl devic provid special train workforc ocr obtain assur ce implement correct action list
## [1524] n
## [1525] n
## [1526] cover entiti ce volunt state health plan mail three envelop contain protect health inform phi arriv contract provider’ address damag content miss envelop damag us postal facil process contain member claim inform individu includ members’ name identif number claim number date servic procedur code charg provid inform respons incid investig ce visit mail facil damag occur attempt determin document appropri shred usp polici damag mail addit ce’ mailroom began use tear resist envelop overs mail ce train mailroom employe new envelop polici final ce provid breach notif hhs media affect individu post substitut notic websit
## [1527] two desktop comput usb drive stolen breakin ce’ premis devic contain electron protect health inform ephi approxim individu ephi involv breach includ phone number email address state identif card inform demograph financi clinic diagnost treatment inform ce instal new lock ad hipaa polici procedur encrypt mobil devic result ocr’ technic assist ce revis polici procedur move backup server offsit secur storag facil stop save ephi local comput drive
## [1528] titus region medic center cover entiti ce report theft protect health inform phi undetermin number individu offsit storag locat phi involv breach includ first last name medic record number account number case doctor’ report ce file polic report provid breach notif hhs affect individu media ce also provid addit train involv employe result ocr’ investig ce conduct risk assess implement addit safeguard record contain storag locat
## [1529] ocr open investig cover entiti ce titus region medic center report em laptop comput contain protect health inform phi patient miss upon return emss last transport titus thought laptop left fender vehicl fell although laptop encrypt ce confirm laptop open close drop vehicl laptop open drop patients’ phi name social secur number address date birth may access other ce prove breach notif hhs affect individu media follow breach ce conduct intern audit determin glitch softwar paramet permit download storag patients’ record laptop regardless paramet set result ocr’ investig set laptop chang includ reduct time automat shut– laptop use ce appli sanction emt personnel involv retrain privaci polici novemb ce conduct system wide risk analysi includ system revis implement secur polici
## [1530] n
## [1531] n
## [1532] n
## [1533] n
## [1534] n
## [1535] n
## [1536] march unencrypt laptop comput contain patient inform lost stolen laptop contain demograph clinic financi inform individu cover entiti ce absolut foot ankl specialist inc provid breach notif hhs affect individu english spanish media respons breach ce disallow remov equip premis began use cloudbas electron medic record softwar ocr obtain assur ce implement correct action list
## [1537] n
## [1538] n
## [1539] n
## [1540] physician’ person own laptop comput use conduct busi behalf cover entiti ce ladi lake region medic center either misplac stolen laptop contain electron protect health inform ephi individu includ patients’ name age date time admissiondischarg race health coverag medic histori result icu treatment ce provid breach notif hhs affect individu establish call center employ servic provid ident protect servic result ocr’ investig ce establish final control polici person own devic use behalf ce
## [1541] n
## [1542] n
## [1543] march hogan servic inc hsi sponsor fulli insur employe health plan erron distribut email employe contain electron protect health inform ephi approxim individu ephi includ name social secur number date birth gender group health plan identif number member identif enrol date type coverag employe name date birth relationship inform employees’ spous depend enrol group health insur plan upon discov breach hsi direct email vendor shut email server construct incid respons team went workstat delet ephi employees’ comput shred copi email print hsi provid breach notif hhs affect individu result ocr’ investig hsi made decis accept store transmit ephi retrain workforc regard hipaa rule hsi also ad encrypt softwar employees’ account access ephi ocr obtain assur hsi implement correct action list
## [1544] n
## [1545] march cover entiti ce rite aid store discov hard copi prescript stolen storag build oceana west virginia prescript contain protect health inform phi approxim individu includ name prescript inform breach discov ce remov two remain box prescript storag unit secur ce also improv physic safeguard place new lock outsid storag facil ce report incid author sever staff member violat compani polici ensur storag area proper secur ce issu final written warn respons staff member ce provid breach notif hhs affect individu media also offer affect individu free ident theft protect servic one year ocr obtain assur ce implement correct action list
## [1546] n
## [1547] march trash bag contain discard appoint schedul inadvert remov “shred bin” baptist health system’ talladega clinic offic clean servic dispos dumpster without shred protect health inform phi involv breach includ patients’ name date birth date servic account number chart number approxim individu ce provid breach notif affect individu media hhs follow breach ce initi intern investig conduct risk assess updat polici procedur regard access shred bin result ocr’ investig ce review polici procedur staff ensur adequaci safeguard
## [1548] comput equip safe contain unencrypt electron protect health inform ephi individu stolen cover entitiy’ ce offic march ephi involv breach includ name address date birth social secur number claim inform diagnos medic inform follow breach cover entiti purchas new door lock new alarm system alarm monitor result ocr’ investig ce conduct risk analysi develop breach notif polici procedur ce also encrypt comput server
## [1549] n
## [1550] former employe cover entiti ce intracar north hospit stole comput monitor ce’ bill softwar protect health inform phi involv breach includ name address phone number date birth insur inform social secur number district attorney’ offic provid ce phi provid ce number patient affect ce provid breach notif hhs media affect individu individu notif includ tollfre number harri counti district attorney’ contact number follow ocr’ investig ce improv safeguard upgrad system allow specif monitor activ user creat user code track copier use ce also improv administr safeguard revis workforc clearanc procedur certain job improv physic safeguard instal surveil camera addit staff retrain hipaa rule
## [1551] n
## [1552] NA
## [1553] februari comput server stolen cover entiti ce shield famili server contain electron protect health inform ephi individu includ name address zip code birth date referr inform ce provid breach notif hhs affect individu media ce improv physic safeguard reloc new server lock offic secur within room ce initi major improv infrastructur revis secur program retrain workforc member revis polici procedur ocr obtain assur ce implement correct action note
## [1554] n
## [1555] cover entiti ce south carolina depart health human servic discov employe sent medicaid report person email januari april breach affect individu type protect health inform phi involv breach includ name address phone number social secur number individu medicaid identif number ce provid time breach notif hhs affect individu media ce also post notif breach websit respons breach ce suspend access ad hoc electron report initi comprehens review privaci secur safeguard contact local feder law enforc sanction respons employe ce also revis secur polici restrict employe access phi necessari individual’ job function implement autom monitor system track user activ comput system ce also implement annual privaci secur train ocr obtain assur ce implement correct action list
## [1556] laptop comput paper medic record stolen cover entiti ce tlc dental dania llc breakin ce report theft law enforc ce provid time breach notif affect individu hhs post notic websit ocr provid technic assist ce requir media notic respons breach ce adopt implement new hipaa polici address secur privaci breach notif rule ocr obtain assur ce staff train new polici
## [1557] n
## [1558] n
## [1559] februari cover entiti ce emori healthcar discov ten unencrypt backup compact disk cds contain electron protect health inform ephi miss type ephi involv breach includ clinic demograph data surgic patient treat three locat septemb april inform cds easili read use decommiss softwar ce provid breach notif hhs affect individu media follow breach ce requir everi depart inventori proper store destroy phi also distribut educ materi staff ocr obtain assur ce implement correct action list
## [1560] extens investig ocr determin drd knoxvill hipaa cover entiti time incid occur
## [1561] n
## [1562] memori healthcar system mhs paid us depart health human servic hhs million settl potenti violat health insur portabl account act hipaa privaci secur rule agre implement robust correct action plan mhs nonprofit corpor oper six hospit urgent care center nurs home varieti ancillari health care facil throughout south florida area mhs also affili physician offic organ health care arrang ohca mhs report hhs offic civil right ocr protect health inform phi individu impermiss access employe impermiss disclos affili physician offic staff inform consist affect individuals’ name date birth social secur number login credenti former employe affili physician’ offic use access ephi maintain mhs daili basi without detect april april affect individu although workforc access polici procedur place mhs fail implement procedur respect review modifi andor termin users’ right access requir hipaa rule mhs fail regular review record inform system activ applic maintain electron protect health inform workforc user user affili physician practic despit identifi risk sever risk analys conduct mhs “access ephi must provid author user includ affili physician offic staff” said robinsu frohboes act director hhs offic civil right “ organ must implement audit control review audit log regular case show lack access control regular review audit log help hacker malevol insid cover electron track make difficult cover entiti busi associ recov breach prevent happen”
## [1563] ces network server two local comput hack compromis comput virus result disclosur electron protect health inform ephi individu ephi includ name insur number diagnos medic histori date birth telephon number social secur number upon discoveri breach ce shut comput email system prevent unauthor access network core file addit ce decommiss previous use server deactiv network router disabl network access ephi discontinu previous util backup result ocr investig ce deploy new realtim firewal intrus detect system implement new measur softwar manag addit ce instal new network server deploy new router secur subscript activ monitor intern network traffic extern threat pattern implement central antivirus softwar system
## [1564] n
## [1565] ocr open investig cover entiti ce utah depart health report hacker gain access network server busi associ ba utah depart technolog servic dts cyberattack hacker copi unencrypt electron protect health inform ephi approxim individu internet protocol address romania ephi involv breach includ name address birth date social secur number physicians’ name procedur code design bill purpos ce provid breach notif hhs affect individu media provid free credit monitor affect individu follow breach ce enter ba agreement dts also improv safeguard develop incid respons plan improv password manag process strengthen secur practic includ encrypt improv firewal complet new risk analysi risk manag plan ocr obtain assur ce implement correct action note
## [1566] n
## [1567] n
## [1568] NA
## [1569] former workforc member cover entiti ce accentcar home health care ca download forward electron protect health inform ephi approxim individu via person email account exworkforc member ephi includ name address zip code social secur number diagnos condit discov near year incid deposit intend recipi deni request receiv ephi ce provid breach notif hhs affect individu media follow discoveri breach ce hire third parti conduct risk assess follow recommend risk manag process began work toward obtain hitrust certif result ocr’ investig ce improv understand risk analysi risk manag process
## [1570] n
## [1571] n
## [1572] n
## [1573] n
## [1574] workforc member email person email address file contain protect health inform phi individu includ name medicar number medicaid number enrol status health plan name workforc member temporari worker intend show work product potenti employ demonstr experi work cover entiti ce centerlight healthcar provid breach notif hhs affect individu media follow breach ce ensur temporari worker delet email issu person email account person mobil devic ce also attempt secur temporari worker’ written acknowledg confirm either save file home desktop comput ii delet file home desktop comput ce also sanction worker addit ce stop use temporari worker implement email encrypt solut revis hipaa train ocr obtain assur ce implement correct action list
## [1575] n
## [1576] n
## [1577] n
## [1578] decemb name date birth medic record number clinic note cover entity’ ce patient avail network server websit ce disabl websit remov patients’ demograph clinic inform network server ce provid breach notif hhs affect individu media result ocr’ investig ce provid fraud credit monitor affect individu retrain staff technic safeguard
## [1579] unsecur tablet comput stolen employee’ vehicl januari protect health inform phi involv breach includ name address date birth treat physicians’ name health screen result individu cover entiti ce provid breach notif hhs affect individu media result ocr’ investig ocr review ce’ hipaa polici document workforc train relat safeguard mobil devic risk analysi relat mobil devic follow incid ce implement addit technic safeguard includ encrypt solut part mobil devic manag program
## [1580] januari cover entity’ ce employe discov laptop comput stolen front porch home laptop contain electron protect health inform ephi patient includ name date birth health data laptop lack virtual privat network connect data password protect encrypt ce provid breach notif hhs affect individu media respons breach ce encrypt employe laptop implement mobil devic remot access polici updat electron data backup polici ce also train staff hipaa privaci secur polici addit ce counsel employe failur maintain physic secur ce’ properti ocr obtain assur ce implement correct action list
## [1581] unencrypt laptop comput extern hard drive contain electron protect health inform ephi individu stolen staff member cover entiti ce busi associ ba ephi includ name age sex social secur number medic servic provid diagnosi code date servic upon discoveri breach ce file polic report provid breach notif hhs media affect individu result ocr investig ce ba conduct risk analysi implement new secur polici procedur ensur adequ safeguard protect ephi retrain employe addit ce also ba chang secur practic includ encrypt laptop restrict use portabl media devic ocr obtain assur ce implement correct action list requir one addit correct action ocr identifi need ce implement certain secur polici procedur control
## [1582] n
## [1583] unencrypt laptop comput extern hard drive contain electron protect health inform ephi individu stolen staff member ces busi associ ba ephi includ name age gender social secur number medic servic provid diagnosi code date servic upon discoveri breach ce file polic report recov stolen item ce also provid breach notif affect individu hhs media result ocr investig ce ba conduct risk analysi implement new secur polici procedur ensur adequ safeguard protect ephi retrain employe ce also ba chang secur practic includ encrypt laptop restrict use portabl media devic
## [1584] ocr open investig cover entiti ce report two unencrypt laptop stolen contain electron protect health inform ephi individu ephi includ name pictur upon discoveri breach ce file polic report recov stolen item result ocr investig ce encrypt comput chang lock number key system instal lock secur portabl devic storag addit ce start use identif number instead name patient file ce also revis secur polici train staff polici
## [1585] n
## [1586] ocr open investig cover entiti ce centro de servicio de cuidado dirigido inc dba metro salud grupo profesion report unencrypt laptop comput extern hard drive contain electron protect health inform ephi individu stolen staff member ce’ busi associ ba quantum health ephi includ name age sex social secur number medic servic provid diagnosi code date servic upon discoveri breach ce file polic report recov stolen item result ocr’ investig ce ba conduct risk analysi implement new secur polici procedur ensur adequ safeguard protect ephi retain employe addit ce also ba chang secur practic includ encrypt laptop restrict use portabl media devic last ce also provid media notif notif individu affect breach
## [1587] ocr open investig cover entiti ce first proveedor aliado por tu salud report unencrypt laptop comput extern hard drive contain electron protect health inform ephi individu stolen staff member ces busi associ ba quantum health ephi includ name age sex social secur number medic servic provid diagnosi code date servic upon discoveri breach ce file polic report provid breach notif individu affect breach hhs media result ocr investig ce ba conduct risk analysi implement new secur polici procedur ensur adequ safeguard protect ephi retrain employe addit ce also ba chang secur practic includ encrypt laptop restrict use portabl media devic
## [1588] cover entiti ce file breach report ocr extern hard drive laptop comput contain electron protect health inform ephi individu stolen ces busi associ ba ephi includ name age sex social secur number medic servic provid diagnosi code date servic immedi follow breach ce conduct risk assess file breach report provid ocr copi ba agreement addit ce notifi affect individu breach issu press releas result ocr investig ce requir ba revis secur practic includ laptop encrypt restrict use portabl media devic outlin bas newli develop secur polici procedur
## [1589] laptop comput contain electron protect health inform ephi approxim individu stolen cover entiti ce laboratori manag offic ephi involv breach includ patient name date birth clinic identif number laboratori result follow breach ce report theft build manag compani manag compani investig theft determin clean personnel stolen laptop compani report patient inform compromis databas access without proprieti softwar special assist result ocr investig physic secur improv hous replac laptop lock drawer lock offic limit staff access ce also implement new polici prohibit storag phi laptop comput updat addit polici procedur enhanc safeguard system contain phi
## [1590] workforc member cover entiti ce robley rex va medic center lost stolen binder code report contain protect health inform phi individu binder left unattend outsid entranc facil return soon thereaft workforc member inpati facil discov log book phi involv breach includ phi approxim individu includ name social secur number discharg date ce provid breach notif hhs affect individu media offer free credit protect affect individu follow breach ce suspend employe sent bulletin employe indic permit maintain log book transport phi outsid facil without author result ocr’ investig ce review polici procedur ensur adequaci safeguard
## [1591] anchorag communiti mental health servic acmh agre settl potenti violat health insur portabl account act hipaa secur rule depart health human servic hhs offic civil right ocr acmh will pay adopt correct action plan correct defici hipaa complianc program acmh fivefacil nonprofit organ provid behavior health care servic children adult famili anchorag alaska ocr open investig receiv notif acmh regard breach unsecur electron protect health inform ephi affect individu due malwar compromis secur inform technolog resourc ocr’ investig reveal acmh adopt sampl secur rule polici procedur follow moreov secur incid direct result acmh fail identifi address basic risk regular updat resourc avail patch run outdat unsupport softwar “success hipaa complianc requir common sens approach assess address risk ephi regular basis” said ocr director jocelyn samuel “ includ review system unpatch vulner unsupport softwar can leav patient inform suscept malwar risks” acmh cooper ocr throughout investig respons technic assist provid date addit settlement amount agreement includ correct action plan requir acmh report state complianc ocr twoyear period resolut agreement can found ocr websit httpwwwhhsgovocrprivacyhipaaenforcementexamplesindexhtml
## [1592] jeremaih j twomey facp pa file breach notif report march busi associ ba state offic build suit ransack vandal weekend decemb extern hard drive stolen contain patient name address medic condit diagnos instanc social secur number date birth number patient affect ba provid breach notif hhs affect individu media ocr initi investig subsequ learn jeremaih j twomey facp pa longer busi associ cover entiti dr twomey retir close practic
## [1593] n
## [1594] unencrypt laptop comput extern hard drive contain electron protect health inform ephi individu stolen staff member cover entiti ce busi associ ba ephi includ name age sex social secur number medic servic provid diagnosi code date servic upon discoveri breach ce file polic report recov stolen item provid breach notif hhs media individu affect breach result ocr investig ce ba conduct risk analysi implement new secur polici procedur ensur adequ safeguard protect ephi retrain employe addit ce also ba chang secur practic includ encrypt laptop restrict use portabl media devic ocr obtain assur ce implement correct action list requir two addit correct action ocr identifi need ce complet risk assess implement certain secur polici procedur
## [1595] n
## [1596] n
## [1597] n
## [1598] ce report physician’ personallyown unencrypt laptop stolen resid laptop contain medic record patient seen physician solo privat practic ce medic record contain demograph inform includ home address social secur number clinic inform includ diagnos treatment inform medic histori prior theft physician close privat practic provid electron copi patient record ce ce custodian record provid breach notif hhs affect individu media follow addit technic assist provid ocr ce develop written breach polici procedur
## [1599] extern hard drive stolen radiolog depart cover entiti ce ochsner health system electron protect health inform ephi hard drive includ name address date birth medic record number approxim individu ce provid breach notif hhs affect individu media result breach ce improv technic safeguard updat polici procedur ocr obtain assur ce implement correct action list
## [1600] cover entiti ce motion pictur industri health plan mpihp mistaken sent mail contain protect health inform phi prior address approxim individu due comput error phi involv breach includ name claim number date servic provid name ce provid breach notif affect individu hhs media post substitut notic websit follow breach ce institut addit safeguard includ automat suppress document conflict address contain multipl comput system result ocr investig ce updat polici conduct new risk analysi develop new risk manag plan
## [1601] n
## [1602] st joseph health sjh agre settl potenti violat health insur portabl account act hipaa privaci secur rule follow report file contain electron protect health inform ephi public access internet search engin sjh nonprofit integr cathol health care deliveri system sponsor st joseph health ministri will pay settlement amount adopt comprehens correct action plan sjh’s rang servic includ acut care hospit home health agenc hospic care outpati servic skill nurs facil communiti clinic physician organ throughout california part texa new mexico februari sjh report us depart health human servic offic civil right ocr certain file creat particip meaning use program contain ephi public access internet februari februari via googl possibl internet search engin server sjh purchas store file includ file share applic whose default set allow anyon internet connect access upon implement server file share applic sjh examin modifi result public unrestrict access pdf file contain ephi individu includ patient name health status diagnos demograph inform ocr’ investig indic follow potenti violat hipaa rule • februari februari sjh potenti disclos phi individu • evid indic sjh fail conduct evalu respons environment oper chang present implement new server meaning use project therebi compromis secur ephi • although sjh hire number contractor assess risk vulner confidenti integr avail ephi held sjh evid indic conduct patchwork fashion result enterprisewid risk analysi requir hipaa secur rule addit settlement sjh agre correct action plan requir organ conduct enterprisewid risk analysi develop implement risk manag plan revis polici procedur train staff polici procedur resolut agreement correct action plan may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementssjh
## [1603] comput server goshen health system’ busi associ ba silver tech may inject virus decemb ba oper consum websit behalf cover entiti ce employ preregistr screen diagnost test ba’ server contain electron protect health inform ephi approxim individu includ patients’ name social secur number address insur carrier test inform financi inform ce provid breach notif hhs affect individu media also notifi indiana attorney general’ offic fbi offer one year free credit monitor servic affect individu follow breach ce termin relationship ba engag outsid forens secur firm conduct intern investig updat websit ce revis hipaa polici procedur updat practic ensur proper execut busi associ agreement vendor parti may access phi ce train employe polici procedur document recent risk analysi correspond risk manag plan ocr obtain document evidenc ce implement correct action list
## [1604] n
## [1605] cover entiti ce medco health solut inc report mail letter contain protect health inform phi individu incorrect address due corrupt data mail softwar program code conduct risk assess ce determin actual number affect individu phi includ name medic name prescript number ce provid breach notif hhs affect individu upon discoveri breach ce immedi ceas use updat mail softwar system result ocr investig ce correct updat mail softwar system establish manual qualiti check process ce also implement use daili autom surveil system mail softwar
## [1606] n
## [1607] n
## [1608] n
## [1609] n
## [1610] n
## [1611] unencrypt usb drive stolen vehicl univers miami pathologist drive contain electron protect health inform ephi patient includ name age diagnos treatment inform cover entiti ce provid breach notif hhs affect individu media also establish websit relat breach offer credit monitor affect individu follow breach ce implement sanction ceas relat pathologist independ contractor retrain personnel safeguard notabl encrypt data protect secur awar ocr obtain assur correct action list complet
## [1612] us depart health human servic offic civil right ocr announc health insur portabl account act hipaa settlement base lack secur manag process safeguard electron protect health inform ephi metro communiti provid network mcpn federallyqualifi health center fqhc agre settl potenti noncompli hipaa privaci secur rule pay implement correct action plan settlement amount ocr consid mcpn’s status fqhc balanc signific violat mcpn’s abil maintain suffici financi stand ensur provis ongo patient care mcpn provid primari medic care dental care pharmaci social work behavior health care servic throughout greater denver colorado metropolitan area approxim patient per year larg major incom poverti level januari mcpn file breach report ocr indic hacker access employe email account obtain individu ephi phish incid ocr’ investig reveal mcpn took necessari correct action relat phish incid howev investig also reveal mcpn fail conduct risk analysi midfebruari prior breach incid mcpn conduct risk analysi assess risk vulner ephi environ consequ implement correspond risk manag plan address risk vulner identifi risk analysi mcpn final conduct risk analysi risk analysi well subsequ risk analys insuffici meet requir secur rule “patient seek health care trust provid will safeguard protect health information” said ocr director roger severino “complianc hipaa secur rule help cover entiti meet import oblig patient communities” resolut agreement correct action plan may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementsmcpn
## [1613] three password protect desktop comput stolen result breakin electron protect health inform ephi involv breach may contain name social secur number address date birth claim inform diagnosi treatment inform individu ce provid breach notif hhs affect individu media also provid substitut notic follow breach ce upgrad softwar address facil access control ocr provid technic assist regard encrypt standard breach notif requir
## [1614] n
## [1615] ocr open investig cover entiti ce report two unencrypt laptop stolen contain electron protect health inform ephi individu ephi includ name date birth diagnost test result social secur number upon discoveri breach ce file polic report recov stolen item result ocr investig ce instal secur camera new door lock chang code outsid entranc keypad lock ce also encrypt laptop comput
## [1616] n
## [1617] binder contain flu test result went miss lab cover entiti ce muskoge region medic center decemb binder contain protect health inform phi approxim individu includ patients’ name account number gender medic record number date birth age test date flu test result although ce’ investig confirm inform impermiss disclos provid breach notif potenti affect individu hhs media follow discoveri incid ce retrain laboratori workforc member regard proper handl dispos procedur phi also determin elimin paper record store futur similar record electron ocr obtain assur correct action list complet
## [1618] n
## [1619] januari laptop comput stolen employee’ vehicl laptop contain electron protect health inform ephi approxim kansa depart age custom ephi includ customers’ name address date birth type servic case manag telephon number date qualiti review name qualiti review staff kdoa file polic report provid breach notif hhs affect individu media issu substitut notic follow breach kdoa retrain workforc encrypt laptop thumbflash drive ocr obtain assur kdoa implement correct action list upon investig ocr determin kdoa meet definit cover entiti
## [1620] NA
## [1621] without permiss cover entiti ce employe provid list patient name local counsel center employe leav ce begin employ new counsel center attempt coordin care patient treat list contain phi approxim individu includ name date birth address phone number name insur carrier facil code follow disclosur ce provid breach notif hhs media individu affect sanction former employe violat polici procedur ce also chang procedur list manag ce sent remind health care provid regard handl phi made plan provid hipaa complianc inform qualiti assur newslett
## [1622] n
## [1623] rightnow technolog softwar vendor busi associ ba cover entiti ce mdwise fail disabl softwar switch allow googl index file ce’ host websit contain electron protect health inform ephi approxim individu ephi includ individuals’ name address zip code medicaid number primari care physicians’ name address follow breach ce took file issu disallow index search ce’ file internet search engin ad restrict ce also request googl remov index affect file obtain confirm googl cooper within hour ce provid breach notif hhs affect individu media final ce improv technic safeguard pursuant hipaa secur rule ocr obtain assur ce implement correct action list
## [1624] n
## [1625] n
## [1626] n
## [1627] n
## [1628] n
## [1629] laptop contain protect health inform phi approxim client stolen workforc member vehicl subsequ use access cover entiti ce compani server laptop contain client demograph inform incid ce perform risk analysi specif breach occurr ce provid ocr copi risk analysi well privaci breach notif secur polici procedur follow ocr investig ce perform broader secur risk assess encrypt mobil media ce also develop provid comput secur train staff member
## [1630] ocr open investig cover entiti ce aegi scienc corp ce report laptop comput unencrypt extern hard drive contain electron protect health inform ephi individu stolen workforc member vehicl ephi includ social secur number driver licens number demograph inform well bank account inform fourteen individu credit card inform three individu upon discov breach ce file polic report hire privat investig recov stolen item ce also initi plan encrypt laptop revis secur procedur retrain employe offer credit monitor affect individu result ocr investig ce complet secur risk analysi risk manag report implement new secur polici procedur ensur adequ safeguard protect ephi ce also provid media notif two local greater individu affect addit ce encrypt employe comput remov media contain ephi retrain employe ces confidenti secur polici
## [1631] n
## [1632] n
## [1633] n
## [1634] n
## [1635] n
## [1636] n
## [1637] n
## [1638] NA
## [1639] n
## [1640] n
## [1641] equip oper state postal facil set machin insert four page per envelop instead one page per envelop caus phi four individu sent one address per envelop error affect approxim enrolle letter contain inform name address birth date social secur number result ce retrain employe submit breach report hhs provid notic affect individu notifi media creat tollfre number inform regard incid post notic websit modifi polici remov ssn templat futur mail offer ident theft protect affect individu follow ocr investig ce provid review polici procedur ensur adequ safeguard place
## [1642] n
## [1643] NA
## [1644] ocr open investig cover entiti ce dalla counti hospit district dba parkland health hospit system report former workforc member still employ download name certain person inform patient electron protect health inform ephi involv breach includ name social secur number date birth demograph inform approxim individu download inform use solicit potenti client workforc member’ person busi home health agenc ce provid breach notif hhs affect individu offer free credit monitor servic year ce termin workforc member involv incid pursu crimin charg result ocr’ investig ce develop program track anomali detect inappropri use access ce revis code conduct ethic increas focus conflict interest confidenti phi
## [1645] octob cover entiti ce medcent one inc merg sanford health juli fail safeguard electron protect health inform ephi approxim patient unencrypt passwordprotect laptop comput bag contain patient charg ticket stolen employee’ vehicl type ephi involv breach includ demograph inform ce provid breach notif hhs affect individu media ce encrypt laptop comput implement new inform technolog secur polici procedur retrain staff new polici sanction respons employe ocr obtain assur ce implement correct action list
## [1646] n
## [1647] cover entiti ce lawrenc memori hospit busi associ ba perform secur updat ces websit potenti allow impermiss disclosur individu electron protect health inform ephi ephi consist name address demograph inform credit cardbank account number upon discov breach ce shut websit remov identifi cach page contain ephi start action termin relationship ba updat breach notif polici ce also provid breach notif affect individu hhs media post substitut notic websit offer credit monitor servic affect individu result ocr investig ce final new breach notif polici updat ba contract retrain staff privaci secur breach notif polic
## [1648] workforc member cover entiti ce amerigroup communiti care new mexico access compani data system compil list members’ name date birth social secur number protect health inform phi approxim individu involv breach workforc member job specif purpos access download inform follow breach ce termin workforc member involv ce conduct intern review procedur determin whether addit secur control need result ocr’ investig ce provid addit train email remind workforc members’ respons protect member inform report incid observ
## [1649] n
## [1650] n
## [1651] n
## [1652] n
## [1653] n
## [1654] n
## [1655] two laptop comput contain electron protect health inform ephi approxim individu stolen ce ephi includ patient name date birth social secur number ce provid breach notif affect individu hhs media result ocr investig ce instal encrypt softwar increas physic secur
## [1656] n
## [1657] newli hire employe impermiss took patient registr document home record taken includ protect health inform patient inform issu includ name address birth date social secur number driver licens number result ce termin employe provid notic affect individu amend registr procedur implement addit safeguard inform offer ident theft protect affect individu
## [1658] n
## [1659] unencrypt laptop comput contain electron protect health inform ephi individu stolen cover entiti ce school base health center ephi includ name date birth sex ethnic height weight bodi mass index data complet physic examin inform asthma obes inform health action plan enrol date upon discoveri breach ce file polic report recov stolen laptop result ocr investig ce purchas lock physic secur school health comput desk comput locat addit ce encrypt portabl devic hard drive instal softwar track portabl devic ce also retrain staff polici procedur use secur ephi
## [1660] doctor letter report expos internet one month secur configur cover entiti ce comput server chang electron protect health inform ephi individu appear internet includ patient name birth date medic histori diagnos treatment plan follow breach ce identifi block internet protocol ip address allow access ephi internet remov web portal facilit access restor affect server previous secur configur result ocr investig ce implement monitor report electron inform system transmit ephi ocr obtain assur breach notif provid affect individu media hhs
## [1661] n
## [1662] n
## [1663] cover entiti ce busi associ ba ship microfilm record contain protect health inform phi workforc member microfilm lost transit recov phi includ clinic inform diagnos name address zip code date birth social secur number driver licens number identifi follow breach ce chang procedur requir phi ship via new mail carrier requir confirm signatur upon receipt allow track packag result ocr investig ce retrain employe hipaa polici procedur
## [1664] busi associ ba cover entiti ce conway region medic center sent ce two compact disk contain scan medic record mislaid follow receipt protect health inform phi involv breach includ demograph financi inform individu ce provid breach notif hhs media affect individu follow breach ce instruct ba encrypt remov media contain phi hand deliv remov media ce’ medic record depart ce improv administr safeguard updat polici procedur now requir signatur employe receiv depart packag deliv also workforc member depart involv breach attend addit hipaa train result ocr’ investig ce longer routin send phi site scan
## [1665] n
## [1666] NA
## [1667] n
## [1668] n
## [1669] n
## [1670] n
## [1671] lahey hospit medic center lahey agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic hhs offic civil right ocr lahey will pay will adopt robust correct action plan correct defici hipaa complianc program lahey nonprofit teach hospit affili tuft medic school provid primari specialti care burlington massachusett lahey notifi ocr laptop stolen unlock treatment room overnight hour august laptop stand accompani portabl ct scanner laptop oper scanner produc imag view lahey’ radiolog inform system pictur archiv communic system laptop hard drive contain protect health inform phi individu evid obtain ocr’ subsequ investig indic widespread noncompli hipaa rule includ •failur conduct thorough risk analysi ephi •failur physic safeguard workstat access ephi •failur implement maintain polici procedur regard safeguard ephi maintain workstat util connect diagnosticlaboratori equip •lack uniqu user name identifi track user ident respect workstat issu incid •failur implement procedur record examin activ workstat issu incid •impermiss disclosur individuals’ phi “ essenti cover entiti appli appropri protect workstat associ medic devic diagnost laboratori equipment” said ocr director jocelyn samuel “ workstat often contain ephi high portabl ephi must consid entity’ risk analysi entiti must ensur necessari safeguard conform hipaa’ standard place” addit settlement lahey must address histori noncompli hipaa rule provid ocr comprehens enterprisewid risk analysi correspond risk manag plan well report certain event provid evid complianc resolut agreement correct action plan can found ocr websit httpwwwhhsgovocrprivacyhipaaenforcementexampleslahey
## [1672] n
## [1673] adult pediatr dermatolog pc concord mass apderm agre settl potenti violat health insur portabl account act hipaa privaci secur breach notif rule depart health human servic agre payment apderm will also requir implement correct action plan correct defici hipaa complianc program apderm privat practic deliv dermatolog servic four locat massachusett two new hampshir case mark first settlement cover entiti polici procedur place address breach notif provis health inform technolog econom clinic health hitech act pass part american recoveri reinvest act arra hhs offic civil right ocr open investig apderm upon receiv report unencrypt thumb drive contain electron protect health inform ephi approxim individu stolen vehicl one staff member thumb drive never recov investig reveal apderm conduct accur thorough analysi potenti risk vulner confidenti ephi part secur manag process apderm fulli compli requir breach notif rule place written polici procedur train workforc member say health care ounc prevent worth pound cure said ocr director leon rodriguez good risk manag process identifi mitig risk bad thing happen cover entiti size need give prioriti secur electron protect health inform addit resolut amount settlement includ correct action plan requir ap derm develop risk analysi risk manag plan address mitig secur risk vulner well provid implement report ocr
## [1674] n
## [1675] lock cabinet remov servic desk area wilmington delawar facil cover entiti ce nemour foundat august remodel project cabinet hous three unencrypt backup tape contain electron protect health inform ephi individu ephi involv breach includ patients’ name address social secur number diagnos procedur code ce provid breach notif hhs affect individu media offer one year free credit monitor affect individu follow incid ce hire privat investig assist locat miss backup tape howev recov addit ce retain navig consult assess recover inform conduct valid review ce’ intern analys respons incid ce improv safeguard encrypt backup tape storag devic electron media may contain ephi move backup tape secur offsit facil instal nonmov storag cabinet data center implement twofactor authent access ephi also hire system administr manag audit backup procedur retrain staff updat creat hipaa polici procedur includ rolebas access cabinet contain backup data ocr obtain assur correct action list carri
## [1676] unencrypt password protect laptop comput stolen car employe medic resid cover entiti ce laptop contain electron protect health inform ephi approxim individu type ephi breach includ name medic record number birth date diagnosi code social secur number ce provid breach notif hhs affect individu media follow breach ce audit employee’ depart equip retrain involv employe staff updat hipaa polici procedur encrypt laptop comput ocr obtain written assur ce implement correct action list
## [1677] n
## [1678] n
## [1679] hipaa settlement demonstr import implement safeguard ephi us depart health human servic offic civil right ocr announc health insur portabl account act hipaa settlement base impermiss disclosur unsecur electron protect health inform ephi mapfr life insur compani puerto rico mapfr agre settl potenti noncompli hipaa privaci secur rule pay million implement correct action plan resolut amount ocr balanc potenti violat hipaa rule evid provid mapfr regard present financi stand mapfr subsidiari compani mapfr sa global multin insur compani headquart spain mapfr underwrit administ varieti insur product servic puerto rico includ person group health insur plan septemb mapfr file breach report ocr indic usb data storag devic describ “pen drive” contain ephi stolen depart devic left without safeguard overnight accord report usb data storag devic includ complet name date birth social secur number report note breach affect individu mapfr inform ocr abl identifi breach ephi reconstitut data comput usb data storag devic attach ocr’ investig reveal mapfre’ noncompli hipaa rule specif failur conduct risk analysi implement risk manag plan contrari prior represent failur deploy encrypt equival altern measur laptop remov storag media septemb mapfr also fail implement delay implement correct measur inform ocr undertak “cover entiti must make assess safeguard ephi must act assess well” said ocr director jocelyn samuel “ocr work tireless collabor cover entiti set clear expect consequences” resolut agreement correct action plan may found ocr websit httpwwwhhsgovhipaaforprofessionalscomplianceenforcementagreementsmapfr
## [1680] n
## [1681] septemb summit medic group smg employee’ car burglar result theft paper report contain protect health inform phi approxim cover entity’ ce patient phi involv breach includ account number patients’ name physicians’ name name hospit date discharg date birth name insur provid discharg diagnos ce provid breach notif hhs media affect individu also offer credit monitor servic creat custom servic center handl question follow breach ce initi intern investig file polic report notifi affect physician site breach conduct risk assess adopt addit identif verif measur affect individu result ocr’ investig ce updat hipaa polici procedur improv safeguard encrypt laptop comput
## [1682] unencrypt laptop comput store electron protect health inform ephi approxim individu stolen lock vehicl workforc member accret health busi associ ba cover entiti ce fairview health servic ephi includ individuals’ name address date birth social secur number financi inform clinic inform ce provid breach notif hhs affect individu media also provid complimentari credit monitor servic affect individu follow breach ce investig root caus breach develop new polici address risk associ share sensit data third parti obtain assur ba undertak appropri correct action ocr obtain copi ba agreement ce ba time breach ocr also obtain evid assur ce implement correct action list
## [1683] north memori health care minnesota agre pay settl charg potenti violat health insur portabl account act hipaa privaci secur rule fail enter busi associ agreement major contractor fail institut organizationwid risk analysi address risk vulner patient inform north memori comprehens notforprofit health care system minnesota serv twin citi surround communiti “two major cornerston hipaa rule overlook entity” said jocelyn samuel director us depart health human servic hhs offic civil right ocr “organ must place compliant busi associ agreement well accur thorough risk analysi address enterprisewid infrastructure” ocr initi investig north memori follow receipt breach report septemb indic unencrypt passwordprotect laptop stolen busi associate’ workforc member’ lock vehicl impact electron protect health inform ephi individu ocr’ investig indic north memori fail place busi associ agreement requir hipaa privaci secur rule busi associ perform certain payment health care oper activ behalf north memori gave busi associ accret health inc access north memorial’ hospit databas store ephi patient accret also receiv access nonelectron protect health inform perform servic onsit north memori investig determin north memori fail complet risk analysi address potenti risk vulner ephi maintain access transmit across entir infrastructur includ limit applic softwar databas server workstat mobil devic electron media network administr secur devic associ busi process addit payment north memori requir develop organizationwid risk analysi risk manag plan requir secur rule north memori will also train appropri workforc member polici procedur newli develop revis pursuant correct action plan
## [1684] box contain paper record tissu implant use surgeri discard wast dispos contractor cover entiti ce nyu hospit joint diseas inventori manag depart box properti secur box contain protect health inform phi individu includ name date birth date surgeri surgeon name procedur type serial number tissu use surgeri upon discoveri breach ce contact wast dispos contractor determin document discard buri landfil state ce provid breach notif hhs media affect individu post substitut notic websit result ocr investig ce improv safeguard store tissu record lock cabinet requir manag store key addit ce counsel employe involv incid retrain staff polici procedur safeguard phi ce also implement plan conduct review hipaa complianc includ physic access physic secur risk
## [1685] n
## [1686] n
## [1687] unencrypt laptop possibl contain electron protect health inform ephi patient stolen employee’ person vehicl ephi potenti involv breach includ patients’ name contact inform social secur number date birth diagnos account number physician name type procedur servic date servic health insur inform ce provid breach notif hhs affect individu media follow breach ce termin employe result ocr’ investig ce updat encrypt polici procedur requir verifi encrypt comput use conduct mandatori annual comput safeti train
## [1688] n
## [1689] n
## [1690] cover entiti ce us depart veteran affair va gulf coast veteran health care system biloxi veteran affair medic center biloxi vamc report offic employe vandal paper file found offic floor protect health inform phi approxim individu compromis phi includ full name social secur number date birth medic diagnos ce provid breach notif hhs media affect individu follow breach va polic facil review procedur continu foot patrol ensur offic door lock nonbusi hour ce provid addit train workforc member affect depart physic secur polici procedur improv safeguard phi ocr obtain assur ce implement correct action list
## [1691] n
## [1692] august password protect unencrypt laptop comput stolen nurse’ car laptop contain electron protect health inform ephi individu ephi laptop includ name address phone number primari care physician caregiv contact social secur number ce provid breach notif hhs affect individu media follow breach ce review polici procedur appli employe sanction retrain workforc implement filelevel encrypt pursuant technic assist provid ocr ce implement addit administr safeguard includ new polici prohibit employe leav laptop unattend vehicl
## [1693] medic record stolen offsit storag facil cover entiti ce john t melvin associ protect health inform phi involv breach includ name date birth social secur number claim inform diagnosescondit medic lab result treatment inform approxim individu ce provid breach notif hhs affect individu media result ocr’ investig ce chang polici record now kept onsit record immedi shred requir retent time elaps accord applic state law
## [1694] n
## [1695] ocr open investig cover entiti ce dr pedro valentin report box contain protect health inform phi individu move ces offic phi includ name account number respons parti charg account method payment ocr investig reveal individu remov phi ces wife busi partner ce advis ocr knew wifepartn remov box purpos ascertain amount moni ce receiv process dissolv partnership ocr conclud action alleg breach report amount breach
## [1696] unencrypt laptop stolen employe vehicl laptop contain ephi patient inform issu includ patient name date birth gender medicaid identif number procedur code diagnosi follow discoveri breach ce notifi affect patient notifi media follow breach ce confirm encrypt laptop per ces polici sanction three involv employe
## [1697] n
## [1698] n
## [1699] unknown individu hack databas contain electron protect health inform ephi individu regist onlin cover entiti ce last eight year phi involv breach affect approxim patient includ name address date birth ce provid breach notif hhs affect individu follow breach ce shut “old” websit replac “new” websit improv safeguard block specif ip address strong authent area avail general public secur web browser result ocr’ investig ce creat new procedur protect ephi includ procedur inventori asset manag well track encrypt devic
## [1700] n
## [1701] n
## [1702] n
## [1703] cover entiti ce workforc member impermiss store protect health inform phi individu person comput portabl electron media order conduct research phi includ social secur number name initi age diagnos addit phi found workforc member resid ce provid breach notif total affect individu hhs follow breach respons workforc member longer employ ce ocr open complianc review va medic center consolid investig incid complianc review
## [1704] truste cover entiti ce capron rescu squad district remov laptop comput contain unencrypt electron protect health inform ephi individu facil mistaken belief laptop longer use ce provis health care servic gave laptop adult grandson ephi laptop includ individuals’ full name social secur number date birth home address medic histori ce recov laptop subject breach obtain written assur individu involv breach use disclos retain ephi store laptop ce provid breach notif hhs media affect individu ce improv safeguard encrypt ephi store comput includ laptop ocr obtain assur correct action list complet
## [1705] n
## [1706] n
## [1707] NA
## [1708] n
## [1709] cover entiti ce busi associ ba erron sent explan benefit letter eob contain protect health inform phi individu individu phi includ name address current procedur terminolog code cpt explan cpt code provid name date servic upon discoveri breach ce provid notic individu affect breach notifi media result ocr investig ocr provid technic assist regard requir breach notif rule ce ce publish media notic addit ce develop polici procedur requir qualiti control check ba addit ba adopt new softwar system valid content eob prior mail breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use phi requir ba safeguard phi
## [1710] n
## [1711] unencrypt hard drive contain electron protect health inform ephi individu stolen employe cover entiti ce busi associ ba medasset ephi includ name date birth social secur number account number medic record number charg incur amount paid admiss discharg date inform regard health insur elig applic government benefit program upon discoveri breach ce clara maass medic center file polic report provid breach notif hhs media affect individu post substitut notif websit result ocr investig ba retrain employe instruct employe stop use type extern storag devic contain ephi recal destroy unencrypt extern hard drive contain ephi addit ba improv technic safeguard encrypt extern hard drive instal new softwar system monitor control encrypt data leav bas comput ba also hire secur analyst supplement secur program breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1712] comput server belong former busi associ ba third parti administr assurecar risk manag inc hack server contain social secur number birth date name address gender physician hospitalfacil name link benefit payment inform includ type servic ie offic visit inpati stay lab xray physic therapi etc breach affect individu relationship ba cover entiti ashley industri mold inc employe welfar benefit plan end ba continu retain possess protect health inform phi relat plan’ particip requir law ce provid breach notif hhs affect individu media ocr review ba agreement ba ce contain provis regard use disclosur safeguard phi end also contain languag requir ba extend protect agreement ce’ phi agreement termin ce obtain assur ba shut server question follow breach maintain unsecur phi server ocr obtain written assur ce implement correct action note
## [1713] cover entiti ce workforc member lost extern hard drive contain electron protect health inform ephi individu travel extern hard drive includ name medic record number date admiss medic diagnos treatment inform ce notifi hhs media individu affect regard breach provid individu ident protect servic follow breach ce sanction workforc member involv retrain workforc member divis staff safeguard ephi addit ce establish mitig workgroup review polici procedur regard protect ephi creat new extern hard drive encrypt polici ocr obtain assur ce implement correct action list
## [1714] n
## [1715] n
## [1716] n
## [1717] unencrypt laptop contain electron protect health inform ephi individu stolen cover entiti ce offic ephi involv includ clinic evalu report test result patient name address phone number social secur number upon discoveri breach ce notifi affect individu ocr media follow ocr investig ce revis hipaa polici procedur implement addit physic safeguard facil instal encrypt softwar
## [1718] unencrypt compani laptop comput stolen car employe cover entiti ce laptop contain protect health inform phi individu includ name date birth social secur number medic record number diagnos ce provid breach notif hhs media affect individu respons incid ce implement polici requir encrypt laptop contain phi ce also provid employe train regard mobil devic encrypt refresh train hipaa ocr obtain assur ce implement correct action list
## [1719] n
## [1720] thirdlin subcontractor windsor health plan’ busi associ ba cvs caremark chang print format letter mail cover entity’ ce member potenti caus protect health inform phi visibl envelop window letter includ name address clinic inform individu rxamerica oper subsidiari cvs caremark subcontract mail servic accendo turn subcontract print servic progress direct mail pdm ce provid breach notif hhs affect individu media notif occur impact member exceed singl state geograph area howev cvs issu media releas regard incid respons incid accendo conduct full review incid notifi pdm format error ensur correct accendo also conduct onsit visit pdm facil implement new qualiti assur protocol intern valid step ocr obtain written assur ce provid breach notif indic
## [1721] n
## [1722] cover entiti ce gypsum manag suppli inc medic dental plan manag compani network drywal suppli yard offer group health plan employe may comput server ce’ former busi associ ba assurecar risk manag inc hack expos demograph clinic health insur inform ce’ employe mani longer work ce time breach ce provid breach notif hhs affect individu media breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict ba’ use disclosur protect health inform phi requir ba safeguard phi ce’ intern investig reveal littl activ server result hack addit report misus inform report ocr obtain assur ce took correct action list
## [1723] n
## [1724] juli cover entiti ce memori health system now busi memori hospit – univers colorado health submit breach report explain former colorado spring occup health clinic csohc nurs impermiss access individuals’ medic record may carri impermiss access nurs util webbas electron health record ehr applic own oper ce util sever colorado spring area provid includ csohc ce provid breach notif hhs media affect individu base breach ocr’ investig ce termin former csohc nurse’ access ehr ultim replac ehr ce develop implement sever new privaci secur rule polici procedur conduct institutionwid hipaa train implement stricter audit control implement inform system activ review mechan addit involv nurs resign csohc ocr consolid unresolv issu breach anoth review ce
## [1725] employe work cover entiti ce took protect health inform phi premis purpos ident theft period three month employe impermiss access phi patient type phi involv breach includ name date birth medic record account number admiss visit date primari diagnos treat physician case social secur number ce notifi affect individu hhs media breach offer year enhanc credit servic affect upon full investig breach ce termin employe result incid ce initi correct action plan includ revis creat polici procedur prevent incid futur well retrain staff hipaa polici procedur ocr’ investig confirm appropri notif made correct action step taken
## [1726] four comput contain electron protect health inform ephi patient stolen cover entiti ce dr axel velez phi involv breach includ patients’ name address contact number partial social secur number date birth diagnost inform date visit patient number refer physician physicians’ telephon number insur inform ce provid breach notif hhs affect individu media follow breach ce improv physic secur repair backdoor entranc offic instal alarm system video surveil equip attach cabl lock workstat comput server portabl media devic move inventori equip offsit ocr provid technic assist ce regard risk analysi risk manag plan polici procedur requir secur rule
## [1727] unknown assail associ foreign ip address attempt bypass secur mechan comput server former third parti administr busi associ ba assurecar risk manag cover entiti ce lans communiti colleg dental care plan approxim individu affect breach server contain protect health inform phi regard ce’ particip name address social secur number clinic inform includ inform regard healthcar provid type servic ba provid breach notif hhs affect individu media follow breach ba shut unsecur server hire kroll background america forens comput secur servic investig natur extent unauthor access kroll’ find indic unlik ce’ member data taken ba also review reevalu secur polici relat ba agreement ocr obtain written document ba implement correct action list
## [1728] ce’ employe remov protect health inform patient ce’ premis period month order commit ident theft type phi involv breach includ name address date birth social secur number ce notifi affect individu hhs media breach offer year credit monitor affect follow breach ce termin employe initi audit program automat detect excess access phi electron health record system ocr’ investig confirm appropri notif made correct action step taken
## [1729] march hous raid secret servic discov protect health inform phi approxim patient cover entiti ce troy region medic center form admiss “face sheets” phi involv breach includ demograph inform patients’ name date birth social secur number medic record number ce accur identifi person respons breach electron medic record emr system due softwar error erron record multipl occas system access workforc member access system legitim busi purpos due softwar error ce effect assist crimin investig conduct local law enforc secret servic ce provid breach notif hhs media affect individu post substitut notic websit also provid tollfre inform number offer credit monitor one year respons incid ce work vendor increas data secur monitor implement automat logout emr system ce also updat ad polici procedur improv system review document implement verif user access right develop sampl audit log ce also retrain employe hipaa secur polici ocr obtain assur correct action list complet
## [1730] two unencrypt laptop comput contain electron protect health inform ephi individu stolen cover entiti ce offic ephi includ name date birth social secur number diagnost report demograph inform upon discoveri breach ce file polic report recov stolen item result ocr investig ce improv physic secur instal exit alarm lock surveil camera implement polici procedur requir manag monitor inappropri use facil rear exit ce also inventori ephi system adopt implement polici procedur workstat secur encrypt secur awar train electron devic media control
## [1731] n
## [1732] n
## [1733] cover entiti ce busi associ ba mail compact disk cd contain electron protect health inform ephi interoffic mail system deliveri anoth citi cd contain ephi individu lost en rout phi includ state medicaid children health plan data immedi follow breach ce complet risk analysi identifi addit concern develop risk manag plan ce provid breach notif affect individu hhs media provid substitut notif websit prevent similar breach happen futur ce requir futur ephi encrypt prior shipment ocr obtain assur ce implement correct action list
## [1734] unecrypt laptop comput unecrypt desktop comput joint contain electron protect health inform ephi individu stolen burglari comput contain patient name parent name minor patient date servic address phone number date birth social secur number diagnos prognos reportsevaluationsintervent observ recommend goal medic confidenti inform relay parent andor children verbal inform receiv schoolsdoctorsag involv patient ce provid breach notif hhs affect individu improv physic safeguard purchas monitor alarm system result ocr’ investig ce conduct risk analysi deploy encrypt workstat retrain employe notifi media breach
## [1735] n
## [1736] n
## [1737] n
## [1738] n
## [1739] n
## [1740] unencrypt portabl comput drive usb contain electron protect health inform ephi patient misplac found entiti offic ephi includ name address phone number date birth diagnosi code insur inform social secur number entiti provid breach notif affect individu hhs follow breach entiti replac miss drive encryptioncap usb drive provid secur lock storag facil mobil devic implement polici prevent remov devic offic ocr investig found entiti fact cover entiti privaci secur rule
## [1741] n
## [1742] n
## [1743] n
## [1744] n
## [1745] companyissu laptop comput contain protect health inform phi approxim individu stolen vehicl cover entiti ce employe phi includ demograph clinic inform ce provid breach notif affect individu hhs media creat tollfre number inform regard incid result incid ce contact law enforc retrain staff use portabl media initi risk analysi follow ocr investig ce review updat polici procedur ensur adequ safeguard institut new electron medic record system encrypt medic inform updat password requir comput retrain employe
## [1746] n
## [1747] n
## [1748] n
## [1749] cover entiti ce st josephberea discov extern backup hard drive attach workstat miss extern hard drive includ protect health inform individu includ patients’ name date birth inform relat bone densiti scan ce provid breach notif hhs affect individu media perform substitut notic post websit follow breach ce updat procedur limit use extern hard drive encrypt laptop desktop server portabl media devic improv safeguard monitor physic workstat access maintain observ camera result ocr’ investig ocr obtain assur correct action list complet
## [1750] three unencrypt desktop comput one unencrypt laptop comput need repair stolen employee’ vehicl stop home transport equip offsit locat main hospit home stop ce’ intern polici procedur expos protect health inform phi patient includ name address date birth social secur number ce provid breach notif hhs affect individu media also offer affect individu one year free credit monitor respons breach ce revis new employe upper manag orient materi reflect updat hipaa revis ce encrypt hard drive comput also updat polici procedur regard electron data use compani vehicl addit ce began distribut inform secur newslett employe ce sanction involv employe violat ce’ handl comput equip polici ocr obtain assur ce implement correct action list
## [1751] employe cover entiti ce va caribbean healthcar system left document contain protect health inform phi individu unsecur bag nurs station phi includ name social secur number patient care assign patient count patient census list upon discoveri breach ce secur phi provid breach notif hhs media affect individu result ocr investig ce disciplin retrain employe implement procedur nurs leadership requir conduct round ward vacat ce also retrain staff privaci secur polici procedur
## [1752] n
## [1753] n
## [1754] n
## [1755] bag contain page protect health inform phi nurs home resid encrypt laptop comput stolen vehicl employe cover entiti ce busi associ ba phi includ name date birth gender ident name nurs home medicaid number upon discoveri breach ce file polic report provid breach notif hhs media affect individu well offer one year free ident theft protect follow ocr investig ces ba termin employe retrain staff privaci secur polici includ leav laptop unoccupi vehicl addit ce remind contractor need safeguard confidenti inform review bas contractu oblig relat safeguard phi breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1756] n
## [1757] n
## [1758] employe cover entiti ce cvs caremark access patients’ protect health inform phi impermiss access print patient drug transfer report part scheme fill fraudul prescript prescript drug report disclos third parti employee’ boyfriend former employe anoth cvs store law enforc notifi ce breach march follow raid perpetrators’ home law enforc confisc paper document belong ce phi involv breach includ name address birthdat prescript number telephon number prescript name approxim individu ce provid breach notif hhs affect individu also offer free credit monitor respons incid ce immedi termin employe retrain pharmaci staff hipaa polici ce also provid evid individu sinc pharmaci licens suspend state licens board result ocr’ investig ocr obtain assur correct action list complet
## [1759] n
## [1760] thiev broke mmm healthcar inc facil locat humacao puerto rico stole four unencrypt desktop comput contain health plan members’ electron protect health inform ephi ephi store stolen comput includ name address phone number medicar number diagnosi treatment inform health plan name health plan member identif number health plan enrol inform health care claim inform social secur number ce provid breach notif hhs affect individu media follow breach ce repair damag wall improv physic secur facil surround premis result ocr’ investig ce encrypt comput locat region offic ocr obtain assur ce implement correct action list addit ocr state expect ce will perform thorough accur risk analysi establish risk manag plan addit ocr state expect ce will implement conting oper procedur implement secur polici procedur regular patch updat infrastructur ocr state expect ce encrypt ephi appropri document technic safeguard implement prohibit unauthor copi remov phi ephi premis
## [1761] thiev broke pmc medicar choic facil locat humacao puerto rico stole four unencrypt desktop comput contain health plan members’ electron protect health inform ephi ephi includ name address phone number medicar hic number diagnosi treatment inform health plan name health plan member identif number health plan enrol inform health care claim inform social secur number cover entiti ce provid breach notif hhs affect individu media follow breach ce repair damag wall improv secur facil surround premis ocr obtain assur ce implement correct action note result ocr’ investig ce encrypt comput locat region offic ocr state expect ce will perform thorough accur risk analysi establish risk manag plan addit ocr state expect ce will implement conting oper procedur implement facil secur plan’ polici procedur regular patch updat infrastructur ocr also state expect ce will encrypt decrypt ephi appropri document technic safeguard implement prohibit unauthor copi remov phi ephi
## [1762] n
## [1763] unsecur laptop contain electron protect health inform ephi approxim individu stolen car busi associ ba subcontractor phi includ name address date birth social secur number follow breach cover entiti ce notifi affect individu hhs media offer affect individu one year free credit monitor servic breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1764] unencrypt password protect laptop comput stolen employee’ home april cover entiti ce reid hospit health care servic report breach affect individu laptop contain name social secur number medicar number report entitl “psychiatr services” ce investig breach provid breach notif hhs affect individu media result ocr’ investig ce complet encrypt laptop desktop comput implement safeguard email system smartphon updat mobil media polici also complet new risk analysi implement action step risk manag plan ocr obtain assur ce implement correct action list
## [1765] unencrypt laptop stolen lock offic hospit laptop contain phi patient protect health inform involv breach contain demograph clinic data follow breach ce file polic report notifi affect patient notifi media addit ce expand encrypt polici includ laptop implement addit physic safeguard
## [1766] n
## [1767] n
## [1768] n
## [1769] n
## [1770] n
## [1771] n
## [1772] n
## [1773] cover entiti ce keith fisher dds pa discov march server hack potenti expos clinic demograph data individu ce provid breach notif hhs affect individu publish notic websit media respons breach ce increas inform system secur improv password polici implement log procedur track access failur chang access server access exist firewal virtual privat network tunnel ocr obtain assur ce implement correct action list
## [1774] cover entiti ce communiti action partnership natrona counti report breach affect approxim individu wherein assert virus infect comput export data ce provid breach notif hhs media upon investig ce determin protect health inform export breach result ocr complianc review ce improv safeguard protect comput virus malwar conduct risk analysi draft risk manag plan revis develop hipaa polici procedur
## [1775] n
## [1776] n
## [1777] n
## [1778] n
## [1779] n
## [1780] n
## [1781] februari union secur insur co polici holder notifi cover entiti ce access onlin account also abl access account polici holder approxim individu affect breach account includ name date birth social secur number identifi addit may employe ce impermiss email spreadsheet includ identifi data belong custom group ce approxim group member affect breach email includ name social secur number ce provid breach notif hhs affect individu media prevent similar breach happen futur ce disabl websit revers problemat code increas number vulner scan ce’ websit ce also retrain employe includ distribut revis polici procedur safeguard social secur number follow ocr’ investig ce prohibit social secur number document sent custom ce provid ocr document substanti action taken respons two breach incid
## [1782] n
## [1783] workforc member cover entiti ce busi associ ba save electron protect health inform ephi approxim patient unsecur comput drive order work home subsequ lost hard drive phi includ name address date birth marit status social secur number medic record number follow breach workforc member involv sanction violat ces polici ce provid breach notif media hhs affect individu also offer affect individu year free ident protect servic addit ce disabl abil comput devic download ephi via usb connect port began implement malici softwar prevent util well data encrypt control supplement portabl comput devic ocr obtain assur ce implement correct action list breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1784] n
## [1785] person laptop comput contain electron protect health inform ephi individu approxim adopt home studi stolen contractor vehicl ephi involv includ name address phone number date birth driver licens number health inform social secur number time breach cover entiti ce busi associ ba contract contractor follow ocr investig ce develop polici procedur obtain ba contract requir privaci rule verifi contractor longer busi relationship ce ocr obtain assur breach notif provid affect individu hhs media
## [1786] n
## [1787] n
## [1788] n
## [1789] n
## [1790] unencrypt desktop comput contain electron protect health inform ephi individu stolen cover entiti ce nyu langon medic center ephi includ name diagnos result diagnost test clinic inform upon discoveri breach ce file polic report provid breach notif hhs media affect individu result ocr investig ce direct staff store ephi network server desktop addit ce improv physic secur instal lock devic secur desktop comput latch guard offic door ce retrain staff polici procedur hipaa hitech complianc
## [1791] februari cover entity’ ce facil broken comput server three desktop comput extern hard drive stolen affect demograph clinic financi inform approxim individu ce rape brook orthodont pc provid breach notif hhs affect individu media result incid ce increas physic secur upgrad alarm system chang instal addit lock store server lock data closet ce also improv technic safeguard implement doublelay password protect comput encrypt data extern hard drive ocr obtain review ce’ relev hipaa polici procedur
## [1792] depart turn switch ba hie without notifi patient exchang obtain author interfac transmit phi individu phi disclos includ patient name address date birth social secur number identifi diagnosiscondit medic lab result treatment inform financi inform follow breach ce revis process creat checklist includ notifi affect depart provid addit train registr employe
## [1793] n
## [1794] cover entiti ce ship skin analysi machin contain electron protect health inform ephi approxim individu manufactur repair via up machin damag discard up ephi includ name date birth facial photograph ce post breach notif websit result ocr investig ce revis polici regard secur hardwar contain phi work hardwar will perform onsit polici also requir ephi back eras hardwar prior unavoid offsit mainten
## [1795] n
## [1796] n
## [1797] n
## [1798] n
## [1799] henri ford health system cover entiti ce report breach occur januari affect individu breach occur employe lost person portabl electron devic “flash” drive contain protect health inform phi phi involv breach includ clinic demograph inform ce provid breach notif affect individu media hhs resolv issu rais breach ce sanction employe involv breach base sever employee’ noncompli implement encrypt process purchas addit encrypt licens implement program receiv use encrypt flash drive march ocr obtain document assur ce implement correct action step ocr provid substanti technic assist ce secur rule’ risk analysi requir ce provid follow written assur ocr ce will creat robust asset manag program next month provid document ocr complet enterpris data map asset submit fulli execut copi busi associ agreement baa ocr upon signatur master servic agreement msa statement work sow data map servic vendor chosen case consolid exist investig ce
## [1800] n
## [1801] n
## [1802] n
## [1803] n
## [1804] n
## [1805] unencrypt clinic system backup tape contain electron protect health inform ephi individu stolen unlock vehicl employe cover entiti ce busi associ ba ephi includ name medic record number social secur number address telephon number health plan number date birth date admiss date treatment date discharg date death mother name next kin clinic inform relat diagnosi treatment prognosi laboratori test result medic upon discoveri breach ce file polic report recov stolen item provid breach notif hhs media affect individu result ocr investig ce termin ba agreement instal encrypt softwar backup media breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1806] n
## [1807] cover entiti ce accident mail protect health inform phi approxim individu individu mailmerg process mismatch name address phi involv breach includ name indic individu patient ce follow breach ce implement addit safeguard well polici procedur ensur mail list accuraci result incid ocr requir ce train workforc member newli develop polici procedur addit ocr provid technic assist regard substitut breach notif method includ conspicu post ces websit
## [1808] laptop contain electron protect health inform ephi approxim patient lost stolen laptop taken event workforc member follow breach cover entiti ce sanction workforc member respons handl laptop result ocr investig ce conduct risk analysi develop risk manag plan ce also remov ephi laptop encrypt laptop tablet cellular smart phone addit ce develop new procedur revis exist procedur order safeguard ephi
## [1809] list contain protect health inform phi patient stolen vehicl cover entiti ce employe breach phi includ name date birth social secur number medicaid inform follow breach ce chang practic procedur safeguard phi train staff new polici result ocr investig ce improv process report breach mitig harm
## [1810] n
## [1811] n
## [1812] portabl ultrasound machin contain electron protect health inform ephi approxim individu stolen cover entiti ce facil ephi involv breach includ patient name date birth limit health inform upon discoveri breach ce conduct privaci secur assess portabl machin identifi vulner follow ocr investig ce updat privaci secur polici retrain employe increas physic secur ensur reason safeguard
## [1813] unencrypt laptop stolen employe offsit laptop contain phi patient protect health inform involv breach contain name address procedur code follow breach ce file polic report notifi affect patient notifi media follow discoveri breach cover entiti encrypt exist laptop implement polici requir futur purchas laptop encrypt prior issu use
## [1814] n
## [1815] two diskett contain electron protect health inform ephi approxim individu lost cover entiti ce busi associ ba packag contain diskett damag mail carrier although one diskett eventu found diskett never recov ephi diskett includ name address date birth social secur number clinic inform upon discoveri breach ce obtain copi inform contain diskett notifi affect individu ocr media follow ocr investig ce termin contract ba involv incid provid evid assur ba agreement pertain return destruct ephi last ce enter account disclosur affect individu electron databas
## [1816] n
## [1817] n
## [1818] workstat cover entiti ce financ depart infect malwar record keystrok captur screenshot ce report individu potenti affect malwar type phi involv breach includ name address date birth benefit identif number social secur number case bank inform ce provid breach notif affect individu hhs media follow breach ce disconnect workstat network provid affect employe new login credenti new hard drive addit train ce updat privaci secur rule polici procedur initi mandatori annual supplement train employe ce improv safeguard implement addit network secur monitor program activ protect workstat environ limit prolifer malwar infect network ocr obtain assur appropri notif made correct action list complet
## [1819] n
## [1820] n
## [1821] n
## [1822] decemb cover entity’ ce facil broken unencrypt laptop stolen affect demograph inform approxim individu includ name address date birth social secur number ce provid breach notif hhs affect individu media ce increas physic secur instal secur system motion detector well motion sensor light outsid build ce also updat hipaa polici procedur reflect secur rule requir includ password protect requir encrypt ephi transit ocr obtain assur correct action list taken
## [1823] n
## [1824] n
## [1825] cover entiti ce network server contain electron protect health inform ephi patient hack type ephi involv breach demograph clinic inform includ diagnos treatment data follow breach ce hire third parti vendor resolv data crash creat data backup plan order restor offic function implement adequ safeguard ce also employ cloud servic increas secur new network server addit ce contact local fbi offic assist ces intern investig breach provid breach notif affect individu media hhs result ocr investig ce develop implement new protocol compli secur rule addit ce provid initi new train staff complet hire new network vendor implement new electron health record system account disclosur affect individu medic record
## [1826] bag contain compact disk read memori cdrom stolen vehicl physician associ cover entiti ce cdrom involv breach contain name date birth social secur number medic histori treatment inform approxim individu follow breach ce file polic report provid breach notif affect individu hhs media ce sanction retrain physician whose bag stolen implement organ wide improv complianc privaci secur rule result ocr investig cover entiti post substitut notif breach local paper confirm correct action step taken
## [1827] n
## [1828] n
## [1829] n
## [1830] n
## [1831] cover entiti ce staff physician email protect health inform phi approxim individu home email account work analysi phi includ name address date birth social secur number medic inform follow breach ce sanction physician implement plan autoencrypt phi sent email result ocr investig ce improv physic safeguard retrain employe
## [1832] n
## [1833] n
## [1834] n
## [1835] n
## [1836] n
## [1837] n
## [1838] pinnacl health system notifi busi associ medic transcript servic server compromis report pinnacl patient view onlin server compromis involv protect health inform individu protect health inform involv breach includ name medicaid id number date birth primari physician respons incid cover entiti took step enforc requir privaci secur rule cover entiti immedi discontinu relationship busi associ engag anoth medic transcript servic cover entiti also contract forens consult ensur caus compromis found trace breach medic report remov onlin inaccess futur
## [1839] n
## [1840] cover entiti ce hospit auxilio mutuo de puerto rico inc report novemb employe resign posit remov two comput hard drive laptop comput contain electron protect health inform ephi potenti affect individu ce initi report breach ephi includ name address zip code date birth social secur number diagnost condit treatment inform investig ce retriev hard drive laptop determin hard drive contain confidenti financi inform busi make decis ce includ type identifi eg patient name social secur number home address etc use reidentifi individu thus ce determin theft constitut breach ephi ce determin laptop inform technolog depart laptop contain financi data upper manag email result ocr’ investig ocr requir ce conduct risk analysi implement risk manag plan revis polici procedur retrain staff
## [1841] n
## [1842] program error busi associ system caus phi patient print letter sent patient print error affect approxim individualsth protect health inform involv breach includ patient name medic record number account balanc follow discoveri breach ba correct program error implement addit qualiti check addit ba notifi affect individu ce notifi local media
## [1843] n
## [1844] n
## [1845] unencrypt desktop comput contain electron protect health inform ephi individu stolen cover entiti ce king counti hospit center ephi includ name medic record number admiss treatment date diagnost treatment patholog andor medic inform telephon number age upon discoveri breach ce file polic report provid breach notif affect individu hhs media result ocr investig ce instal encrypt system intern extern comput laptop ce implement new polici prohibit staff store ephi local comput hard drive window desktop
## [1846] n
## [1847] n
## [1848] cover entiti ce busi associ ba profession transcript compani post electron protect health inform ephi individu websit portal ba ephi includ name date birth diagnosi clinic inform upon discoveri breach ba shut applic server ce newark beth israel medic center provid breach notif hhs media affect individu also post substitut notic websit result ocr investig ba locat ephi onlin contact googl block file contain ephi addit ba retrain employe regard secur polici ce termin ba agreement ba breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1849] tripl manag corpor “triples” behalf wholli own subsidiari tripl salud inc triplec inc tripl advantag inc former known american health medicar inc agre settl potenti violat health insur portabl account act hipaa privaci secur rule us depart health human servic offic civil right ocr tripl will pay million will adopt robust correct action plan correct defici hipaa complianc program effort alreadi begun “ocr remain commit strong enforc hipaa rules” said ocr director jocelyn samuel “ case send import messag hipaa cover entiti complianc requir secur rule includ risk analysi complianc requir privaci rule includ address busi associ agreement minimum necessari use protect health information” tripl insur hold compani base san juan puerto rico offer wide rang insur product servic resid puerto rico subsidiari tripl fulli cooper hhs investig case agre put place comprehens hipaa complianc program condit settlement receiv multipl breach notif tripl involv unsecur protect health inform phi ocr initi investig ascertain entities’ complianc hipaa rule ocr’ investig indic widespread noncompli throughout various subsidiari tripl includ failur implement appropri administr physic technic safeguard protect privaci beneficiaries’ phi impermiss disclosur beneficiaries’ phi outsid vendor appropri busi associ agreement use disclosur phi necessari carri mail failur conduct accur thorough risk analysi incorpor equip applic data system util ephi failur implement secur measur suffici reduc risk vulner ephi reason appropri level settlement requir tripl establish comprehens complianc program design protect secur confidenti integr person inform collect beneficiari includ risk analysi risk manag plan process evalu address environment oper chang affect secur ephi hold polici procedur facilit complianc requir hipaa rule train program cover requir privaci secur breach notif rule intend use member workforc busi associ provid servic tripl premis tripl help ocr technic assist alreadi begun take extens correct action requir correct action plan will continu work ocr come complianc hipaa “tripl commit protect privaci secur beneficiaries’ health inform implement correct action plan enter ocr” said presid ceo tripl manag corpor ramon m ruiz “ pleas agreement regard opportun strengthen privaci polici appreci ocr’ technic assist date look forward collabor future”
## [1850] cover entiti ce employe impermiss obtain copi patient data sheet contain protect health inform phi sold phi third parti phi includ name address date birth social secur number insur inform diagnos affect individu howev initi investig address report approxim affect individu ce provid breach notif individu includ potenti affect hhs media addit free credit monitor offer follow breach ce cooper feder author law enforc state health administr agenc provid report nation accredit organ result incid ce conven high level work group overse privaci secur issu hire expert forens investig perform risk assess ce updat privaci secur polici procedur develop plan adopt electron health record initi continu review process includ random hipaa complianc audit ce also expand hipaa train program employe ocr obtain written assur ce implement correct action list
## [1851] n
## [1852] henri ford health system cover entiti ce report breach occur septemb affect individu occur laptop comput stolen offic left unlock employe approxim four hour employe attend meet phi involv breach includ clinic demograph inform ce provid breach notif affect individu media hhs resolv issu rais breach ce sanction employe involv breach base sever employee’ noncompli implement encrypt process purchas addit encrypt licens implement program receiv use encrypt flash drive march ocr obtain document assur ce implement correct action step ocr provid substanti technic assist ce secur rule’ risk analysi requir ce provid written assur ocr will creat robust asset manag program next month provid document ocr complet enterpris data map asset submit fulli execut copi busi associ agreement baa ocr upon signatur master servic agreement msa statement work sow data map servic vendor chosen case consolid exist investig ce
## [1853] n
## [1854] encrypt laptop comput contain electron protect health inform ephi individu stolen cover entiti ce ephi includ name address date birth upon discoveri breach ce file polic report recov stolen item follow ocr investig ce disabl involv staff member account verbal counsel staff member retrain staff member ce also adopt implement secur polici procedur laptopstablet devic provid train staff
## [1855] n
## [1856] n
## [1857] n
## [1858] n
## [1859] aetna notifi possibl affect individu breach file breach report ocr commenc investig identifi correct root caus issu code chang caus breach remov ip via aetna emerg chang manag procedur prevent exposur problem analyz specif code conflict proxi server set identifi root caus breach remov also effort mitig harm result breach aetna offer affect individu one year free credit monitor notif letter includ tollfre number establish specif answer question relat incid
## [1860] novemb puerto rico depart health doh hybrid entiti report behalf cover entiti ce puerto rico health insur administr also known administracion de seguro salud de puerto rico discov two former staff member busi associ bas tripl salud tss triplec improp access restrict area tss’ proprietari internet ipa databas manag triplec inc staff member employ competitor abl gain access databas access right termin upon leav employ tss result electron protect health inform databas includ ce’ members’ name contract number home address diagnost code treatment code access doh provid breach notif hhs tss provid breach notif affect individu media due ocr’ investig ce commit conduct risk analysi implement risk manag plan revis polici procedur retrain staff within specifi period
## [1861] n
## [1862] n
## [1863] comput hard drive contain encrypt patient record stolen cover entiti ce safe hard drive contain clinic demograph inform approxim patient follow breach ce provid addit train staff ocr obtain assur ce implement correct action list
## [1864] n
## [1865] databas web server contain electron protect health inform ephi individu breach unknown extern person use game server although indic access ephi ephi databas web server includ name date birth type xray date xray follow breach cover entiti reloc two server secur primari data center remov internet access line result breach addit ocr investig result cover entiti improv administr safeguard incid respons report
## [1866] n
## [1867] laptop stolen workforc member home approxim individu affect phi includ address date birth diagnosi condit medic treatment inform follow breach cover entiti encrypt laptop initi ocr investig encrypt laptop complet
## [1868] protect health inform attach email address employe benefit staff member within day recipi notifi email delet approxim individu affect breach email includ name date birth social secur number marit disabl status prevent similar breach happen futur cover entiti institut polici encrypt email contain protect health inform sent benefit depart follow ocr investig cover entiti updat polici procedur establish new busi process requir email sent benefit offic staff member includ attach review anoth team member ensur proper document attach took personnel action respons employe benefit offic will use encrypt specialist train benefit offic staff proper method encrypt explor futur capabl autom flag electron communic sent benefit offic staff contain potenti sensit data digit number obtain addit hipaa train
## [1869] unencrypt laptop comput contain electron protect health inform ephi individu stolen cover entiti ce westm medic group ephi includ name date birth test result upon discoveri breach ce file polic report provid breach notif affect individu hhs media result ocr investig ce improv physic secur lock laptop day store laptop lock cabinet overnight addit ce reconfigur laptop strong password implement new procedur save data secur file server ce encrypt laptop hard drive ce also retrain staff safeguard ephi
## [1870] cover entiti ce medic record storag facil burglar result theft protect health inform phi individu phi includ name birth date social secur number address phone number primari care provid diagnosi code present complaint exam find insur inform date visit servic perform refer provid ce file polic report provid breach notif affect individu hhs media ce also conduct inventori stolen item creat account affect individu follow breach ce increas physic secur limit amount store phi expedit adopt electron medic record result ocr investig ce execut ba agreement storag facil document shred compani addit retrain workforc member revis hipaa polici procedur respect safeguard phi place account disclosur phi affect individu medic record ocr obtain assur ce implement correct action list
## [1871] unencrypt laptop network server stolen burglari officeth breach affect approxim individualsth protect health inform involv breach includ treatment inform pediatr dental patient social secur number insur identif number driver licens number follow discoveri breach ce reloc practic server secur laptop instal steel door front entranc facil addit ce notifi affect individu local media retrain staff
## [1872] n
## [1873] n
## [1874] n
## [1875] data breach result million hipaa settlement two health care organ agre settl charg potenti violat health insur portabl account act hipaa privaci secur rule fail secur thousand patient electron protect health inform ephi held network monetari payment includ largest hipaa settlement date us depart health human servic hhs offic civil right ocr initi investig new york presbyterian hospit nyp columbia univers cu follow submiss joint breach report date septemb regard disclosur ephi individu includ patient status vital sign medic laboratori result nyp cu separ cover entiti particip joint arrang cu faculti member serv attend physician nyp entiti general refer affili new york presbyterian hospitalcolumbia univers medic center nyp cu oper share data network share network firewal administ employe entiti share network link nyp patient inform system contain ephi investig reveal breach caus physician employ cu develop applic nyp cu attempt deactiv personallyown comput server network contain nyp patient ephi lack technic safeguard deactiv server result ephi access internet search engin entiti learn breach receiv complaint individu found ephi individu deceas partner former patient nyp internet addit impermiss disclosur ephi internet ocr investig found neither nyp cu made effort prior breach assur server secur contain appropri softwar protect moreov ocr determin neither entiti conduct accur thorough risk analysi identifi system access nyp ephi result neither entiti develop adequ risk manag plan address potenti threat hazard secur ephi last nyp fail implement appropri polici procedur author access databas fail compli polici inform access manag entiti particip joint complianc arrang share burden address risk protect health inform said christina heid act deputi director health inform privaci ocr case nyp cu remind health care organ need make data secur central manag inform system nyp paid ocr monetari settlement cu entiti agre substant correct action plan includ undertak risk analysi develop risk manag plan revis polici procedur train staff provid progress report
## [1876] n
## [1877] cover entiti ce lost two portabl electron storag devic contain electron protect health inform ephi individu ephi includ patient name date birth treatment inform upon discoveri breach cover entiti ce notifi individu hhs media addit ce initi project encrypt email extern hard drive relat electron media follow ocr investig ce file polic report updat polici procedur order better safeguard patient ephi encrypt portabl electron comput devic
## [1878] st vincent hospit health care center inc laptop comput contain protect health inform phi approxim individu stolen employee’ home type phi involv breach includ name date birth instanc social secur number diagnos procedur type physician name home work telephon number registr medic record number ce provid breach notif hhs media affect individu follow breach ce encrypt laptop updat polici procedur relat safeguard mobil devic implement new procedur regard physic secur laptop ocr obtain document ce implement correct action note
## [1879] cover entiti ce file breach report ocr two usb storag devic contain electron protect health inform ephi individu lost ephi includ name date birth treatment inform upon discoveri breach ce notifi individu ocr media addit ce initi encrypt project encrypt email extern hard drive relat media follow ocr investig ce file polic report updat polici procedur effort better safeguard ephi encrypt usb devic
## [1880] n
## [1881] ocr open investig cover entiti ce counsel psychotherapi throgg neck report password protect unencrypt desktop comput stolen contain protect health inform phi individu phi involv breach includ name address date birth social secur number diagnosi patient note demograph ce provid breach notif hhs affect individu media follow breach ce encrypt patient databas word process program comput ce improv physic safeguard chang lock fix one entranc door build ensur automat close ce also place secur guard five entranc build instal video surveil system ce also implement intern safeguard polici ensur last person offic ensur room vacant suit door lock upon leav result ocr’ investig ce agre includ effect date revis date polici includ document front page manual regard annual review polici
## [1882] n
## [1883] n
## [1884] n
## [1885] two unencrypt desktop comput one unencrypt laptop comput store electron protect health inform ephi approxim individu stolen cover entity’ ce premis breakin septemb ephi involv breach includ patients’ name thermal imag scan patients’ contact inform insur inform social secur number ce investig incid report theft local polic depart also provid breach notif hhs media affect individu follow breach ce move new facil secur system result ocr’ investig ce develop implement polici procedur relat complianc breach notif rule
## [1886] n
## [1887] briefcas contain paper document includ protect health inform phi approxim individu stolen employee’ car type phi involv breach includ clients’ name date birth small number client limit clinic inform cover entiti ce kent center provid breach notif affect individu media hhs follow breach ce sanction employe involv revis confidenti polici relat safeguard client list retrain employe addit result ocr’ investig ce revis updat breach notif polici reinforc requir privaci breach rule employe
## [1888] n
## [1889] employe cover entiti ce impermiss access medic record contain protect health inform phi patient period <U+FFFD><U+FFFD> year phi affect breach includ demograph inform individu demograph clinic inform individu follow breach ce conduct investig termin involv employe retrain employe regard patient privaci access phi enhanc supervis monitor employe phi access activ also provid breach notif affect individu hhs media well substitut notic websit ocr obtain assur ce complet voluntari complianc action describ
## [1890] n
## [1891] n
## [1892] busi associ prepar document part request propos cover entiti vision benefit program mistaken includ protect health inform individu document post onlin five day protect health inform involv breach includ social secur number date birth gender zip code vision plan enrol inform respons incid cover entiti implement addit safeguard prevent type impermiss disclosur protect health inform particular cover entiti will now requir sever layer review allow public disclosur document prepar busi associ cover entiti also took step enforc requir busi associ agreement aon consult aon will provid affect individu free credit monitor fraud resolut resourc ident theft insur addit busi associ provid assur cover entiti taken step prevent type impermiss disclosur futur
## [1893] n
## [1894] ocr open investig cover entiti ce newark beth israel medic center report employe ces busi associ ba kpmg llp lost unencrypt usb drive contain electron protect health inform ephi individu ephi includ name clinic inform upon discoveri breach ces ba conduct search area ce provid breach notif hhs media affect individu result ocr investig ba instal implement encrypt softwar electron equip devic addit ba encrypt password protect equip devic contain ces data ba also reprimand retrain employe retrain employe safeguard ephi breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1895] cover entiti ce long island consult center misplac unencrypt portabl devic contain electron protect health inform ephi individu ephi includ name date birth diagnos treatment inform upon discoveri breach ce conduct search portabl devic ce provid breach notif hhs media affect individu result ocr investig ce improv physic secur ce also develop implement polici procedur prohibit use portabl media store ephi train staff new polici
## [1896] blackberri person digit assist devic store protect health inform phi patient stolen workforc member type phi involv breach includ name birthdat diagnosescondit treatment inform ce provid breach notif hhs affect individu media offer ident theft protect servic individu follow breach ce encrypt password protect blackberri devic result ocr’ investig ce chang blackberri encrypt polici
## [1897] boston globe employe discov unsecur paper medic record pioneer valley patholog group practic offic insid holyok medic center hmc trash transfer station breach affect approxim individu phi involv breach includ name address date birth social secur number insur inform medic inform hmc cover entiti ce respons breach field breach report error ocr provid hmc technic assist relat breach notif ocr open complianc review ce respons breach
## [1898] employe laptop stolen lock offic evid show laptop password protect encrypt laptop contain protect health inform phi approxim individu phi store laptop includ name date birth social secur number intern encount number administr code follow breach cover entiti notifi individu reason believ affect breach place notic websit local news center establish stringent comput secur guidelin retrain staff new requir intent prevent similar event occur
## [1899] three desktop comput one laptop comput backup drive contain electron protect health inform ephi individu stolen juli ephi involv breach includ name address phone number date birth social secur number reason visit insur inform follow breach cover entiti implement backup whole disk encrypt electron inform system maintain ephi improv physic safeguard addit ocr investig result cover entiti improv administr safeguard password complex requir data backup protocol
## [1900] unsecur laptop comput contain sensit protect health inform phi involv ryan white part program involv approxim individu stolen offic build yale’ premis type phi contain laptop consist name date birth diagnosescondit medic lab result treatment inform cover entiti ce provid breach notif hhs media affect individu follow breach ce instal access card reader entri offic suit inspect facility’ alarm system replac custodi staff limit clean offic hour ce also acceler implement safeguard creat prior theft implement mandatori encrypt mobil devic creat new system ensur employe complet mandatori privaci secur awar train ce also revis sever polici procedur ephi secur ocr obtain assur ce implement correct action list
## [1901] physician ce lost flash drive routin use data backup remot access patient data flash drive contain name date birth treatment note approxim patient follow breach ce notifi affect individu ce retrain physician lost flash drive implement organizationwid decis prohibit storag protect health inform remov electron devic result ocr’ investig ce notifi media post substitut notif websit
## [1902] cover entity’ ce comput server contain electron protect health inform ephi patient stolen offic burglari server passwordprotect encrypt type ephi involv breach includ name address date birth social secur number medic inform ce provid breach notif hhs affect individu media post substitut notic follow breach ce encrypt ephi comput workstat server result ocr’ investig ce improv physic safeguard retrain employe
## [1903] three password protect desktop comput auxiliari hard drive contain electron protect health inform ephi stolen cover entiti ce redland periodont group loma linda univers school dentistri ephi involv breach includ demograph inform individu ce provid breach notif hhs affect individu media follow breach ce conduct onsit audit periodont clinic conduct risk assess clinic purview school dentistri ce improv safeguard replac clinic’ comput comput contain local hard drive storag issu remot access credenti reloc paper patient chart deactiv access network resourc periodont facil also decommiss associ equip network dispos comput equip use conjunct daili oper periodont facil addit ce retrain staff regard hipaa polici procedur ocr obtain assur ce implement correct action list
## [1904] idaho power group health plan busi associ mercer health benefit lost backup tape sent via fedex bois seattl backup tape contain inform individu mercer servic total affect idaho power current former employe depend protect health inform involv includ name address date birth social secur number although mercer conclud lost tape configur even sophist user unlik abl access data within mercer idaho power notifi possibl affect individu offer free credit protect servic prevent similar breach occur futur mercer now store backup tape third parti vendor offer secur transport servic mercer bois offic now encrypt backup tape follow incid idaho power renegoti contract mercer continu evalu busi relationship mercer
## [1905] cover entiti improp dispos patient protect health inform phi place phi dumpster outsid doctor offic phi involv breach includ demograph financi clinic medic inform follow breach cover entiti notifi affect individu breach post notic incid websit attempt retriev track medic record inappropri dispos offer affect individu ident theft protect obtain formal apolog assum direct offic oper manag physician involv reeduc workforc reinforc polici relat appropri medic record protect dispos requir
## [1906] comput malwar detect cover entity’ ce unencrypt bill softwar program “therapist helper” ce know malwar enter system approxim individu potenti affect malwar virus type protect health inform phi involv includ demograph financi claim inform clinic inform diagnosescondit medic lab result treatment inform follow breach ce appli secur privaci safeguard mitig harm implement sanction ce also report work cooper local law enforc result ocr’ investig ce implement process deploy softwar detect prevent mitig malwar comput instal new comput system segreg electron phi implement addit procedur increas awar ensur complianc technic physic safeguard ce also place account disclosur medic record affect individu compli applic notif provis breach notif rule
## [1907] n
## [1908] follow breach cover entiti notifi client letter incid submit press releas outlin circumst breach chicago tribun chicago sun time requir individu alleg stole document return physic patient phi possess sign statement swear longer possess patient document use disclos phi manner eras excel spreadsheet possess instal new secur system offic requir input code specif employe implement new technic safeguard limit employe access ephi accord employe posit rank
## [1909] passwordprotect laptop maintain cover entiti ce aultman hospit stolen employee’ car contain electron protect health inform ephi approxim individu includ patients’ name date birth telephon number social secur number insur identif health inform relat home health servic ce provid breach notif hhs affect individu media post notif breach websit report theft local polic depart ce also offer one year free credit monitor servic affect individu follow breach ce revis hipaa polici procedur enhanc encrypt updat softwar laptop sanction employe involv breach incid retrain workforc revis polici procedur ocr obtain document evidenc ce implement correct action list
## [1910] n
## [1911] sever comput includ server stolen burglari cover entiti ce premis breach affect approxim individu includ name address date birth social secur number driver licens number diagnos condit follow breach ce provid breach notif affect individu media hhs also improv physic secur began use new model manag practic offsit encrypt databas initi ocr investig ce amend busi associ agreement
## [1912] n
## [1913] june laptop comput contain phi mistaken discard trash laptop comput contain protect health inform approxim individu protect health inform involv breach includ patient full name first initi last name date servic case brief descript medic condit care follow breach cover entiti submit evid progress implement encrypt laptop comput various depart
## [1914] social secur number inadvert print address label newslett mail mail recipi cover entiti act mitig disclosur verifi mail correct deliv also counsel respons employe updat polici procedur
## [1915] n
## [1916] n
## [1917] cover entiti ce staff inadvert sent twentythre box contain protect health inform phi patient recycl center phi includ patient full name address date birth social secur number insur identif number driver licens number diagnos medic inform check save account number credit debit card number photograph patient follow breach ce immedi took step record return ce notifi hhs media individu affect breach establish toll free number patient call inform ce cooper state attorney general investig suspend respons staff member follow ocr investig ce place record account disclosur log individu affect termin employ staff involv breach addit ce revis polici procedur regard right individu safeguard phi retrain staff
## [1918] cover entiti ce busi associ ba sent coverag determin letter incorrect address affect individu protect health inform phi includ name address uniqu ce identif number prescript drug inform follow breach ce reprint erron coverag determin letter apolog notic provid breach notif affect individu hhs ce implement addit polici procedur ensur mail list accuraci specif ce implement multiplestep qualiti assur process establish verif ba breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi result ocr investig ce place record account disclosur record individu impact
## [1919] unencrypt laptop comput stolen administr offic laptop contain protect health inform phi approxim patient origin report type phi involv breach includ demograph clinic inform pediatr cardiolog patient includ name medic record number date servic diagnos date birth follow breach cover entiti ce texa children’ hospit baylor colleg medicin file separ breach report joint notifi affect individu local media delay due law enforc request result ocr’ investig ce revis sever inform technolog polici modifi physic safeguard
## [1920] n
## [1921] burglari occur cover entiti ce facil two desktop comput contain protect health inform phi stolen approxim individu affect phi involv includ name address date birth social secur number diagnos condit medic treatment inform ocr close investig determin individu report breach work ce longer exist
## [1922] n
## [1923] n
## [1924] file server offic health servic compromis impermiss access compromis potenti expos prescript record individu unauthor sourc protect health inform involv breach includ name address diagnost code name medic prescrib medic cost social secur number follow discoveri breach uta remov server network notifi affect individu notifi local media follow breach cover entiti also replac oper system implement addit technic safeguard
## [1925] n
## [1926] ocr open investig cover entiti ce montefior medic center report three unencrypt desktop comput stolen contain electron protect health inform ephi individu ephi includ name medic record number date birth parent guardian contact number asthma diagnos vaccin inform number visit school health clinic upon discoveri breach ce file polic report provid breach notif affect individu hhs media result ocr investig ce updat build alarm includ addit motion sensor instal surveil camera ce encrypt comput advis ephi store desktop hard drive remov ephi comput store ephi central secur network server ce also revis polici procedur password manag provid train staff new polici
## [1927] two unencrypt desktop comput contain electron protect health inform ephi individu stolen cover entiti ce ephi includ medic record number date birth admiss discharg date bill code social secur number upon discoveri breach ce file polic report provid breach notif hhs media affect individu also provid substitut notif post websit result ocr investig ce replac build alarm instal bar window addit ce direct staff save patient data central network drive move ephi store desktop hard drive central secur network server encrypt comput ce also revis polici procedur password manag provid train staff new polici
## [1928] n
## [1929] n
## [1930] n
## [1931] n
## [1932] laptop comput contain electron protect health inform ephi individu stolen workforc member’ vehicl type ephi includ name birthdat social secur number claim inform financi inform diagnosescondit medic lab result treatment inform cover entiti ce sunbridg healthcar corpor provid breach notif hhs affect individu media provid individu ident theft protect servic result ocr’ investig ce updat risk analysi reeduc workforc member proper laptop secur protocol instal encrypt softwar protect ephi
## [1933] cover entiti ce univers florida depart epidemiolog health polici research mail approxim letter contain identifi address label adapt either child’ social secur number medicaid identif number type protect health inform phi involv breach includ name social secur number florida medicaid number patient ce provid breach notif hhs affect individu media follow breach ce recal faulti file print compani medic survey compani updat procedur form ensur data handl accord privaci rule ce provid ocr train schedul research coordin institut child health polici ichp includ yearlong train section dedic regulatori complianc includ import hipaa data secur ce also sanction employe involv breach ocr’ investig result ce improv physic safeguard retrain employe
## [1934] cover entiti ce long island consult center misplac unencrypt portabl devic contain electron protect health inform ephi individu ephi includ name date birth diagnos treatment inform upon discoveri breach ce conduct search portabl devic ce provid breach notif hhs media affect individu result ocr investig ce improv physic secur ce also develop implement polici procedur prohibit use portabl media store ephi train staff new polici
## [1935] cover entiti ce misplac unencrypt usb drive contain electron protect health inform ephi individu ephi includ name medic record number age gender procedur attend physician name anesthesiologist name type anesthesia time arriv recoveri room time discharg upon discoveri breach ce report incid intern secur possibl theft conduct thorough search perimet ce provid breach notif hhs media affect individu result ocr investig ce stop use usb drive local desktop comput data storag addit ce updat physic secur recoveri room instal data prevent softwar monitor block encrypt mobil media use ce ce purchas encrypt usb drive workforc member identifi need download store ephi ce also revis mobil devic portabl storag media polici retrain workforc member polici
## [1936] n
## [1937] major flood event damag build ce oper schoolbas program offic flood signific area deem feder disast area estim individu affect loss data due flood damag type phi involv name address date birth social secur number flood ce attempt collect much phi site access limit author build deem toxic salvag cleanup commenc prior ces abil access build phi paper format either wash away dispos salvag procedur comput equip build destroy water damag ce reli primarili electron health record store offsit server medic data still intact continu care purpos ce provid breach notif individu hhs media post substitut notic websit ce sinc move schoolbas oper ce own facil ocr obtain assur ce implement correct action list
## [1938] n
## [1939] n
## [1940] busi associ employe sent email multipl patient without conceal patient email address messag concern dietari program name email address visibl recipi breach affect individu respons incid cover entiti took step enforc requir busi associ agreement aramark busi associ counsel employe respons breach retrain employe may communic patient via email requir privaci secur rule well relat polici procedur
## [1941] n
## [1942] ocr investig cover entiti ce follow report main server desktop comput contain electron protect health inform ephi individu taken ces offic ephi involv breach includ patient name address date birth social secur number result ocr investig ce chang privaci secur polici retrain employe provid addit physic secur better safeguard patient ephi
## [1943] n
## [1944] laptop comput contain protect health inform phi approxim individu stolen cover entiti ce univers kentucki depart pediatr inform part new born screen program sent depart state screen program type phi involv breach includ demograph inform specif name address date birth social secur number identifi clinic inform result ocr’ investig ce provid ocr updat status report encrypt project previous report one correct measur also train workforc member encrypt comput devic provid remind workforc member facil lock procedur addit ce provid report inform secur assess detail secur gap evid risk analysi along recommend remedi gap identifi assess ce also improv physic safeguard ce provid document complianc applic notif provis breach notif rule also updat account disclosur polici draft new polici relat account disclosur regard breach incid
## [1945] n
## [1946] ocr open investig cover entiti ce comprehens care manag corpor report two former employe sent email contain electron protect health inform ephi individu person email account open competitor organ ephi includ name address enrol inform upon discoveri breach ce conduct intern inquiri found former employe disclos ephi competitor result ocr investig ce replac strengthen extern firewal restrict access email websit restrict use portabl devic limit abil upload data extern websit evalu new monitor control softwar network inform addit ce provid train staff hipaa polici procedur ce also enter agreement competitor hire former employe return destroy ephi
## [1947] car contain unencrypt laptop comput stolen west monro partner contractor cover entiti ce busi associ ba dentaquest laptop store databas contain electron protect health inform ephi approxim individu includ data ces member type phi involv breach includ name social secur number date certain provid identif number ce ba work togeth provid breach notif affect individu media offer free credit monitor enhanc credit servic affect individu one year ce report breach hhs provid substitut notif websit ba implement procedur ensur third parti laptop connect network employ disk encrypt ba establish polici prohibit contractor store phi laptop breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1948] n
## [1949] paper correspond certain member unitedhealth prescript drug plan advert sent incorrect temporari address due databas administr error approxim individu affect breach unitedhealth member name plan number instanc date birth andor limit medic inform unit health report stop use pdis proprietari databas address updat made outbound verif call member get accur temporari address unit health report revis address updat process
## [1950] password protect laptop comput contain protect health inform phi stolen dr saran person resid laptop contain phi approxim individu phi store laptop includ patient name address date birth social secur number insur inform diagnos follow breach dr saran notifi northvill township polic depart theft contact individu reason believ affect breach sent notic breach detroit free press monro news instal encrypt softwar bill softwar
## [1951] cover entiti busi associ ba siemen medic solut usa inc ship seven unencrypt compact disk cds contain electron protect health inform ephi individu cover entiti ce lincoln medic mental health center cds contain backup data lost transit ephi includ name address social secur number medic record number health plan inform date birth date admiss discharg diagnost procedur code driver licens number ce provid breach notif affect individu hhs media upon discoveri breach ce direct ba ceas use ship servic mean transport cds result ocr investig ba adopt procedur encrypt cds ce also implement procedur senior employe ba physic deliv encrypt cds ce breach incid involv ba occur prior septemb complianc date ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [1952] two laptop comput question encrypt contain electron protect health inform ephi individu stolen cover entiti ce premis type ephi involv includ demograph clinic inform diagnosescondit medic lab result treatment data discov breach ce report theft law enforc work local polic recov laptop result ocr investig ce develop implement new polici procedur compli secur rule ce also provid breach notif affect individu hhs media place account disclosur medic record affect individu
## [1953] unencrypt laptop comput contain electron protect health inform ephi individu stolen workforc member car ephi store laptop includ name medic record number servic receiv cover entiti ce provid breach notif affect individu hhs media follow breach ce establish new intern procedur encrypt new comput given employe ocr obtain assur ce implement correct action list
## [1954] outsid computer’ uniqu numer code internet protocol address access cover entity’ ce websit contain databas contain protect health inform patient type phi involv breach includ name social secur number treatment inform ce provid breach notif hhs affect individu follow breach ce disabl websit contain breach phi result ocr’ investig ce remov social secur number site ad time featur retrain staff complet risk assess
## [1955] n
## [1956] employe laptop stolen bag make admiss visit patient home evid show although cover entiti polici encrypt passwordprotect comput particular comput requir password time invoic contain protect health inform phi approxim individu phi store laptop includ name address date birth phone number social secur number medicar number electron health record commerci insur inform follow breach cover entiti notifi client incid place notic websit daili herald sanction employe chang secur set laptop question establish stringent comput secur guidelin retrain staff new requir intent prevent similar event occur
## [1957] n
## [1958] n
## [1959] n
## [1960] may cover entiti ce ocone physician practic discov passwordprotect unencrypt laptop comput use ekg test miss facil loss potenti expos demograph clinic inform individu ce provid breach notif hhs affect individu media ce improv safeguard chang access code physic lock build retrain workforc import password protect laptop secur ce develop plan creat stronger polici asset track account activ monitor upgrad procedur password strength automat logoff capabl limit number signon attempt ce also develop plan encrypt laptop portabl media contain electron protect health inform ephi ocr review ce’ polici procedur support document
## [1961] cover entiti ce univers rochest medic center affili report april patient bill statement strong memori hospit sent wrong patient statement contain patients’ name address guarantors’ name guarantors’ address dollar amount owe health insur plan subscrib number social secur number general descript servic render inpati room charg outpati visit charg physic therapi laboratori pharmaci radiolog etc date servic ce provid breach notif hhs affect individu media result breach ce establish numer counter ensur number statement run fold machin match number statement print addit report ad statement bundl distribut print center identifi number page print statement run qualiti control process put place second staff member manual inspect stuf envelop random basi ensur correct number page insert well verifi content patient result ocr investig ocr review copi ce’ risk assess polici procedur relat use disclosur protect health inform phi safeguard phi
## [1962] n
## [1963] employe cover entiti email protect health inform phi offsit research offic cover entiti violat review preparatori research protocol research offic store electron inform extern hard drive later stolen devic contain phi individu phi involv breach includ name date birth clinic inform respons incid cover entiti termin transmiss phi research offic gave respons employe verbal warn counsel addit cover entiti undertook review research affili involv phi hospit patient confirm appropri document procedur place
## [1964] comput network server televis stolen cover entiti ce silicon valley eyecar ce’ network sever contain electron protect health inform ephi approxim individu includ demograph inform social secur number diagnos insur inform ce investig incid provid breach notif hhs affect individu media result ocr’ investig ce provid recent risk analysi risk manag plan secur train program polici procedur regard administr physic technic safeguard
## [1965] unencrypt laptop comput contain protect health inform phi approxim individu stolen person vehicl phi includ name address phone number date birth social secur number treatment histori driver licens number cover entiti ce provid breach notif affect individu hhs media result ocr investig cover entiti implement new polici procedur retrain staff instal encrypt softwar workstat
## [1966] cover entiti ces employe place paper record contain protect health inform phi unsecur box left undiscov public park garag four day box contain phi patient phi includ treatment record product report code inform name medic treatment condit diagnos social secur number upon discoveri breach ce notifi affect individu provid credit protect whose social secur number breach ce provid ocr copi breach prevent polici procedur follow ocr investig employe left record resign posit ce improv breach respons procedur
## [1967] cover entiti ce pharmaci log book contain protect health inform phi individu misplac never recov phi affect breach includ name partial social secur number follow breach ce provid breach notif requir hipaa breach notif rule instruct employe ceas practic keep log book follow ocr investig ce revis andor updat polici procedur respect safeguard phi regard logbook establish written employe agreement implement employe author process establish safeguard addit ce provid train staff pharmaci depart regard use logbook account disclosur affect individu account log
## [1968] n
## [1969] n
## [1970] n
## [1971] march cover entiti ce unitedhealth group discov remitt form contain member inform accompani paper check stolen invoic contain protect health inform phi individu type phi includ demograph claim inform ce provid breach notif hhs affect individu media provid affect individu credit monitor servic follow breach ce review payment remitt inform control notifi provid call center remain high level alert monitor remitt payment ocr obtain assur ce implement correct action list
## [1972] busi associ ba tower watson cover entiti ce general agenc welfar benefit program lost two electron media disk contain protect health inform phi transport disk two ba offic disk contain name health plan number social secur number individu ba notifi affect individu provid two year enhanc credit servic ce notifi hhs media post substitut notic websit ce ba destroy phi retain ba execut new ba agreement remain phi ba unabl destroy archiv file ocr investig ce updat privaci breach notif polici procedur
## [1973] n
## [1974] two laptop comput contain electron protect health inform ephi approxim individu stolen ce ephi includ patient name date birth social secur number ce provid breach notif affect individu hhs media result ocr investig ce instal encrypt softwar increas physic secur
## [1975] comput stolen clinic manag servic officef stolen comput contain protect health inform approxim individu protect health inform involv breach includ name date birth social secur number referr number encount number facil member id diagnosi procedur andor diagnosi code result incid st joseph notifi potenti affect individu notifi local media instal secur camera retrain employe instal encrypt softwar laptop comput enterprisewid ocr investig result cover entiti improv physic technolog safeguard retrain employe
## [1976] n
## [1977] cover entiti ce donat file cabinet contain protect health inform phi individu clean phi includ member name address telephon number social secur number medicar identif number cover entiti ce provid breach notif hhs affect individu media offer affect individu free credit monitor period one year follow breach ce sanction employe involv incid held mandatori train regard hipaa privaci secur rule depart involv breach ce also revis polici offic move ocr obtain assur ce implement correct action list
## [1978] n
## [1979] laptop comput stolen cover entiti offic former employe damag laptop comput contain phi approxim individu comput contain limit amount phi includ client name one follow address phone number social secur number insur provid name polici number medic diagnost code medic equip follow breach cover entiti notifi affect individu media hhs breach addit cover entiti complet laptop encrypt project cover phi store comput offic addit ocr investig result cover entiti reinforc requir hipaa employe
## [1980] nurs impermiss use protect health inform phi approxim patient obtain narcot cover entiti ce tomah memori hospit use phi involv breach includ patients’ name account number ce provid breach notif hhs affect individu media follow breach ce improv safeguard creat month audit schedul ii narcot match dispens log medic order bill ocr obtain assur ce implement correct action list ce also termin involv employee’ employ
## [1981] settlement us depart health human servic hhs affin health plan inc will settl potenti violat health insur portabl account act hipaa privaci secur rule affin health plan notforprofit manag care plan serv new york metropolitan area affin file breach report hhs offic civil right ocr april requir health inform technolog econom clinic health hitech act hitech breach notif rule requir hipaacov entiti notifi hhs breach unsecur protect health inform affin indic inform repres cbs even news part investigatori report cbs purchas photocopi previous leas affin cbs inform affin copier affin use contain confidenti medic inform hard drive affin estim individu may affect breach ocr investig indic affin impermiss disclos protect health inform affect individu return multipl photocopi leas agent without eras data contain copier hard drive addit investig reveal affin fail incorpor electron protect health inform ephi store photocopi hard drive analysi risk vulner requir secur rule fail implement polici procedur return photocopi leas agent settlement illustr import remind equip design retain electron inform make sure person inform wipe hardwar recycl thrown away sent back leas agent said ocr director leon rodriguez hipaa cover entiti requir undertak care risk analysi understand threat vulner individu data appropri safeguard place protect inform addit payment settlement includ correct action plan requir affin use best effort retriev hard drive contain photocopi previous leas plan remain possess leas agent take certain measur safeguard ephi
## [1982] unencrypt laptop stolen employe vehicl laptop contain protect health inform approxim individu protect health inform involv breach includ name address date birth social secur number diagnos medic treatment inform follow discoveri breach cover entiti revis polici retrain staff implement addit physic technic safeguard includ encrypt softwar cover entiti also remov stolen laptop access server sanction involv employe notifi affect individu notifi local media
## [1983] n
## [1984] n
## [1985] cover entiti ce vhs genesi lab inc misplac month’ worth client invoic never locat invoic contain protect health inform phi individu includ name date birth medic test inform ce provid breach notif hhs affect individu media place notic websit follow breach ce arrang busi associ handl mail invoic ocr obtain assur ce implement correct action list
## [1986] n
## [1987] extern hard drive contain ephi individu stolen ephi includ first last name medic record number date birth laboratori test inform data social secur number ce advis ocr notic individu went april media st petersburg time notifi ce ad email will now password protect encrypt result loss ce initi encrypt project encrypt extern hard drive relat media
## [1988] n
## [1989] n
## [1990] n
## [1991] laptop comput stolen workforc member car laptop comput contain protect health inform approxim individu protect health inform involv breach includ name address date birth social secur number lab result follow breach cover entiti encrypt laptop comput
## [1992] cover entiti sent postcard approxim patient list patient demograph inform statement read physician move name descript practic infecti diseas specialist type phi involv demograph clinic inform voluntari action taken prior ocr investig includ issuanc sanction review polici procedur
## [1993] three unencrypt extern backup drive stolen safe cover entiti lock offic laptop comput contain protect health inform approxim individu protect health inform involv breach includ name address phone number date birth social secur number insur inform treatment histori follow breach cover entiti move backup data offsit encrypt workstat addit ocr investig result cover entiti improv physic safeguard retrain employe
## [1994] unencrypt laptop comput contain electron protect health inform ephi individu stolen cover entiti ce mobil dental van ephi includ name date birth medic record number dental xray upon discoveri breach ce file polic report provid breach notif hhs media affect individu result ocr investig ce revis procedur ephi store data center rather mobil dental van laptop addit ce encrypt mobil dental van laptop improv physic secur van ce develop new polici ephi secur retrain staff ocr obtain assur ce implement correct action list
## [1995] januari breakin one thrivent offic five laptop comput stolen four five laptop recov miss laptop comput contain protect health inform approxim individu protect health inform involv breach includ name address date birth social secur number prescript drug medic condit age weight etc thrivent provid ocr addit control remedi caus secur breach various stage implement action taken ce prior ocr formal investig brought ce complianc
## [1996] employee’ car broken tote bag paper spreadsheet contain protect health inform phi stolen spreadsheet contain phi pertain patient includ patients’ name age weight race social secur number blood tissu type cover entiti ce north carolina baptist hospit provid breach notif hhs affect individu media offer affect individu year credit monitor servic along tollfre number contact follow breach ce review applic polici procedur clinic respons revis spreadsheet longer includ patients’ social secur number counsel warn involv employe requir proper safeguard phi addit chief execut offic medic center email employe reeduc import proper safeguard phi expect complianc commit adher feder state privaci secur law result ocr’ investig ce provid altern secur way electron access clinic spreadsheet instal video camera park dock extern inspect employe vehicl assur phi visibl ce establish privaci inform secur council help identifi way improv strengthen privaci secur polici practic
## [1997] n
## [1998] laptop contain certain inform collect approxim individu refer shand uf gi clinic servic stolen privat resid employe stolen inform includ patient name social secur number medic record number result incid employe counsel supervisor issu written correct action day suspens provid addit hipaa train ocr review shand uf recent risk analysi risk manag plan reveal high risk find relat encrypt workstat use physic secur ocr investig found shand uf implement appropri technic safeguard secur vpn network connect network storag workforc usag encrypt usb portabl flash drive pgp whole disk encrypt
## [1999] ocr open investig cover entiti ce prefer health partner fka central brooklyn medic group report appoint schedul patholog report portion medic record contain protect health inform phi individu stolen offic phi includ name age telephon number social secur number medic insur inform patholog report clinic inform upon discoveri breach ce file polic report work law enforc author recov much phi possibl stolen result ocr investig ce remov phi social secur medic insur number track log addit ce improv safeguard store log binder lock area shred document regular ce replac manual process print certain record electron verif system ce also archiv store site lock paper record retrain staff hipaa polici procedur
## [2000] n
## [2001] comput contain electron protect health inform ephi individu stolen offic cover entiti ce ephi includ patient name address date birth social secur number driver licens claim inform diagnos condit result loss ce upgrad alarm system replac server hous storag secur lockup ce also notifi affect individu media appropri govern agenc law enforc addit ce establish officebas hotlin assist affect individu result ocr investig ce implement regular schedul secur risk analys instal window bar roll shutter four video surveil camera physic secur measur prevent theft
## [2002] n
## [2003] cover entiti ce mail wrong inform individu base corrupt data file receiv state agenc type phi involv name date birth social secur number member identif number case diagnos treatment condit medic follow breach ce immedi fix corrupt file mail correct letter ce provid breach notif hhs media affect individu provid substitut notif post websit also offer affect individu one year free credit monitor comprehens credit servic ce also work state agenc implement new procedur improv safeguard phi ocr obtain assur ce implement correct action list
## [2004] desktop comput contain ephi approxim individu stolen cover entiti ce lock medic suit phi involv breach includ name date birth medic record number ultrasound inform exam date reason ultrasound comput stolen use proprietari softwar special electron key access phi ce provid breach notif affect individu hhs media post substitut notif websit follow breach ce work law enforc identifi possibl suspect ce upgrad facil access control includ proxim card reader everi locat store phi result ocr investig ce updat risk analysi carri addit risk manag activ
## [2005] cover entiti ce busi associ ba erron merg two list led disclosur protect health inform phi individu phi includ name intern identif number number emerg room visit upon discoveri breach ces ba establish qualiti control process order ensur adequ safeguard letter sent mail result ocr investig ce creat implement addit polici procedur qualiti control mail ce also provid train staff revis privaci secur polici procedur
## [2006] cover entiti ce busi associ ba erron merg two list led disclosur protect health inform phi individu phi includ name intern identif number number emerg room visit upon discoveri breach ces ba establish qualiti control process order ensur adequ safeguard letter sent mail result ocr investig ce creat implement addit polici procedur qualiti control mail ce also provid train staff revis privaci secur polici procedur
## [2007] januari bcbsri notifi page report pertain brown univers health plan impermiss disclos two bcbsri agent report contain phi approxim individu phi involv first last name date servic cost medic care provid member identif number follow breach bcbsri recov report receiv written assur electron copi report delet notifi affect individu breach implement new procedur outgo correspond process audit affect member claim histori ensur fraud
## [2008] n
## [2009] laptop comput contain protect health inform phi individu stolen cover entiti ce lock medic offic phi involv breach includ name address date birth social secur number medic inform result incid ce encrypt phi store medic offic comput follow ocr investig ce improv physic safeguard retrain employe
## [2010] n
## [2011] n
## [2012] unencrypt laptop comput stolen cover entiti unlock test offic laptop comput contain protect health inform approxim individu protect health inform involv breach includ name date birth social secur number age gender race medic inform affect individu follow breach cover entiti restrict storag electron protect health inform network drive addit ocr investig result cover entiti improv physic safeguard retrain employe
## [2013] novemb advoc nurs laptop comput stolen miss laptop comput contain protect health inform approxim individu protect health inform involv breach includ name address date birth social secur number insur inform medic diagnos follow breach advoc specif address mobil devic secur accept use addit ocr investig result advoc workforc member use mobil devic now requir fill submit acknowledg form establish proper administr technic physic secur safeguard
## [2014] unencrypt laptop comput contain electron protect health inform ephi approxim patient stolen one cover entiti ce facil ephi includ demograph clinic data follow breach ce file polic report notifi affect patient hhs media follow ocr investig ce requir busi unit identifi devic contain phi revis procedur futur comput purchas ce also implement physic technic safeguard test devic contain ephi replac outdat machin encrypt addit ce revis exist physician agreement disallow use equip contain ephi encrypt ocr obtain assur ce implement correct action list
## [2015] n
## [2016] n
## [2017] decemb safe stolen goodwil offsit facil contain five unencrypt backup tape breach affect approxim individu protect health inform involv breach includ full name address date birth reason referr date servic miscellan demograph case social secur number cover entiti move offsit storag backup tape new site control goodwil tape now kept commerci grade safe combin lock action taken goodwil prior ocr formal investig brought cover entiti complianc
## [2018] cover entiti ces busi associ ba mail packag ce suppos contain backup data tape compact disc contain protect health inform phi howev tape packag deliv approxim individu affect breach phi includ demograph financi clinic inform ce provid breach notif affect individu hhs media follow breach ce revis procedur back data storag instead send tape via mail follow ocr investig ce continu reevalu way enhanc administr physic technic safeguard
## [2019] unencrypt portabl hard drive contain electron protect health inform ephi approxim individu stolen vehicl cover entiti ce employe ephi involv breach includ name medic record number treatment inform subset record may also includ date birth age gender phone number follow breach respons employe termin violat ces polici ocr obtain assur ces polici procedur safeguard ephi verif ce provid breach notif affect individu media hhs addit ce deploy encrypt softwar remov media
## [2020] cover entiti ce busi associ ba mail protect health inform phi approxim individu incorrect address due error quarter address updat process mail contain demograph inform explan benefit clinic inform diagnos upon discoveri breach ce collect return mail verifi deliv updat hipaa polici procedur follow ocr investig ce abl recov near misdirect envelop
## [2021] cover entiti ce busi associ ba incorrect updat contract holder address mail protect health inform phi wrong address approxim individu phi involv includ demograph inform explan benefit clinic inform diagnos breach incid involv ba occur prior septemb complianc date upon discoveri breach ce obtain assur ba took step enforc requir ba agreement specif ba updat process creat incid track report addit contract execut new vendor handl mail address verif follow ocr investig ba improv code review process catch system error caus incid institut manual qualiti review process ocr verifi ce proper ba agreement place restrict bas use disclosur phi requir ba safeguard phi
## [2022] two employe cover entiti ce misus credit card inform sever differ depart serv approxim individu protect health inform phi involv breach includ name address credit card inform follow breach ce notifi affect individu media hhs offer one free year credit monitor affect individu ce also termin employe involv revis data breach prevent polici review physic process involv payment made person use credit card ocr review ces breach notif polici assur contain requir element obtain assur ce provid breach notif
## [2023] comput backup tape contain ephi offic practic manag program includ electron medic record stolen home practic manag decemb breach affect approxim patient protect health inform tape contain patient name address telephon number date birth insur inform social secur number medic record inform follow breach sigman took follow voluntari correct action upgrad softwar applic backup secur implement new extern backup system case server goe encrypt softwar implement data contain backup tape network storag devic revis secur polici transport backup media backup tape must now store lockbox within lock offic facil revis polici also prohibit movement backup tape facil well restrict access tape design workforc employe retrain polici procedur place receiv train new polici procedur safeguard backup tape notifi affect individu media
## [2024] n
## [2025] n
## [2026] desktop four laptop comput stolen cover entiti lock facil protect health inform involv breach includ name address date birth social secur number type servic receiv medicaremedicaid numbersfollow breach cover entiti instal new offic door lock assign key instal secur camera alarm physic secur comput desk cover entiti now store bill inform patient manag system ensur electron protect health inform store local addit ocr investig result cover entiti provid train workforc member regard incid
## [2027] cover entiti ce chang busi associ ba use inform technolog vendor transit workforc member outgo ba enter ces comput system chang password disabl account remov drive map comput server workstat ba also remov ces backup program deactiv antivirus softwar breach affect approxim individu protect health inform phi involv breach includ patient name address date birth social secur number appoint insur inform dental record ce provid breach notif affect individu hhs media follow breach ce implement secur measur comput system ensur inform technolog associ access ces master system enabl direct control ce new server instal tie previous ba new ba correct ces password set mitig issu caus previous vendor ce provid ocr copi hipaa secur privaci polici procedur sign ba agreement includ appropri hipaa assur requir secur rule result ocr investig ce improv physic safeguard retrain employe
## [2028] n
## [2029] breach report cours ocr investig cover entiti advis took various correct action prevent reoccurr breach specif cover entiti conduct risk assess reveal breach pose signific risk financi reput harm member cover entiti sent notif letter member apolog breach offer year free credit monitor insur polici ident theft new york resid cover entiti also provid train call center novemb answer inquiri caller concern breach addit media outlet contact alert breach state member impact breach cover entiti advis media outlet identifi base locat membership impact well ensur major media outlet press releas sent major media outlet decemb cover entiti also creat implement new polici titl person health inform person identifi inform data secur handl polici acknowledg form central data request team track intern electron submiss request ensur phi request data receiv sign privaci offic secur offic prior releas cover entiti also provid mandatori annual computerbas train staff may
## [2030] laptop stolen lock offic aurora st luke medic center laptop contain protect health inform pertain individu inform includ patient name date birth social secur number medic record number case diagnosi code respons theft hospit implement sever correct action measur includ acceler effort encrypt laptop hard drive improv physic lock offic theft occur staff train regard appropri use storag devic contain ephi encrypt portabl flash drive blackberri devic
## [2031] laptop comput stolen hospit employee’ vehicl comput contain protect health inform phi individu includ name contact inform date birth social secur number medic record number health insur inform includ diagnosi code bill code descript ce provid breach notif hhs affect individu media respons incid ce acceler complet implement preexist plan encrypt hospit laptop addit ce revis inform secur polici retrain workforc ocr obtain assur ce implement correct action list
## [2032] laptop comput stolen workforc member car laptop comput contain protect health inform approxim individu follow breach cover entiti encrypt protect health inform store lap top addit ocr investig result cover entiti improv physic safeguard retrain employe
## [2033] share comput use backup stolen recept desk area cover entiti comput contain certain electron protect health inform ephi individu patient ce ephi involv breach includ name date birth clinic inform social secur number financi inform address phone number ephi report disk hard drive stolen comput follow breach cover entiti notifi affect individu appropri media ad technic safeguard encrypt ephi store usb flash drive cd use replac comput ad physic safeguard keep new portabl devic lock use secur combin safe doctor privat offic secur file cabinet ad administr safeguard requir annual refresh retrain ce staff privaci secur rule well requir immedi retrain clean staff rule
## [2034] share comput use backup stolen comput contain certain electron protect health inform ephi patient follow breach cover entiti notifi affect individu appropri media ad technic safeguard encrypt ephi store usb flash drive cd use replac comput ad physic safeguard keep new portabl devic lock use secur combin safe doctor privat offic secur file cabinet ad administr safeguard requir annual refresh retrain staff privaci secur rule
## [2035] share comput use backup stolen recept desk area behind lock desk area probabl clean crew left main door build open door suit unlock perhap ajar comput contain certain electron protect health inform ephi patient ephi involv breach includ name date birth clinic inform follow breach cover entiti notifi affect individu media ad technic safeguard encrypt ephi store usb flash drive cd use replac comput ad physic safeguard keep new portabl devic lock use secur combin safe doctor privat offic secur file cabinet ad administr safeguard requir annual refresh retrain staff privaci secur rule well requir immedi retrain clean staff rule alreadi taken place
## [2036] share comput use backup stolen recept desk area cover entiti comput contain certain electron protect health inform ephi individu patient ce ephi involv breach includ name date birth clinic inform social secur number financi inform address phone number ephi report disk hard drive stolen comput follow breach ce notifi affect individu appropri media ad technic safeguard encrypt ephi store usb flash drive cd use replac comput password strong comput password protect ad physic safeguard keep new portabl devic lock use secur combin safe doctor privat offic secur file cabinet ad administr safeguard requir annual refresh retrain ce staff privaci secur rule well requir immedi retrain clean staff rule alreadi taken place
## [2037] share comput use backup stolen recept desk area cover entiti comput contain certain electron protect health inform ephi individu patient ce ephi involv breach includ name date birth clinic inform social secur number financi inform address phone number ephi report disk hard drive stolen comput follow breach ce notifi affect indiv appropri media ad technic safeguard encrypt ephi store usb flash drive cd use replac comput password strong comput password protect ad physic safeguard keep new portabl devic lock use secur combin safe doctor privat offic secur file cabinet ad administr safeguard requir annual refresh retrain ce staff privaci secur rule well requir immedi retrain clean staff rule alreadi taken place
## [2038] laptop lost employe transit public transport comput contain protect health inform individu protect health inform involv breach includ name medicaid id number date birth primari physician respons incid cover entiti took step enforc requir privaci secur rule cover entiti instal encrypt softwar employe comput strengthen access control includ password review updat secur polici procedur updat risk assess addit employe receiv addit secur train
## [2039] alaska depart health social servic dhss agre pay us depart health human services’ hhs settl possibl violat health insur portabl account act hipaa secur rule alaska dhss also agre take correct action proper safeguard electron protect health inform ephi medicaid beneficiari hhs offic civil right ocr began investig follow breach report submit alaska dhss requir health inform technolog econom clinic health hitech act report indic portabl electron storag devic usb hard drive possibl contain ephi stolen vehicl dhss employe cours investig ocr found evid dhss adequ polici procedur place safeguard ephi evid indic dhss complet risk analysi implement suffici risk manag measur complet secur train workforc member implement devic media control address devic media encrypt requir hipaa secur rule addit settlement agreement includ correct action plan requir alaska dhss review revis maintain polici procedur ensur complianc hipaa secur rule monitor will report back ocr regular state’ ongo complianc effort “cover entiti must perform full comprehens risk assess place meaning access control safeguard hardwar portabl devices” said ocr director leon rodriguez “ ocr’ first hipaa enforc action state agenc expect organ compli oblig rule regardless whether privat public entities”
## [2040] five desktop comput contain unencrypt electron protect health inform ephi stolen cover entiti ce origin ce report person involv subsequ investig show person involv ephi includ demograph financi inform ce provid breach notif affect individu hhs follow breach ce improv physic secur instal motion detector alarm system secur monitor improv technic safeguard instal enhanc antivirus encrypt softwar result ocr investig ce updat comput password polici
## [2041] binder contain protect health inform phi individu stolen staff member vehicl phi includ name telephon number detail treatment note possibl social secur number respons breach cover entiti ce sanction workforc member develop new polici requir oncal staff member submit inform creat shift main offic instead ad binder follow ocr investig ce notifi local media breach
## [2042] NA
## [2043] NA
## [2044] NA
## [2045] NA
## [2046] NA
## [2047] NA
## [2048] NA
## [2049] NA
## [2050] NA
## [2051] NA
## [2052] NA
## [2053] NA
## [2054] NA
## [2055] NA
## [2056] NA
## [2057] NA
## [2058] NA
## [2059] NA
## [2060] NA
## [2061] NA
## [2062] NA
## [2063] NA
## [2064] NA
## [2065] NA
## [2066] NA
## [2067] NA
## [2068] NA
## [2069] NA
## [2070] NA
## [2071] NA
## [2072] NA
## [2073] NA
## [2074] NA
## [2075] NA
## [2076] NA
## [2077] NA
## [2078] NA
## [2079] NA
## [2080] NA
## [2081] NA
## [2082] NA
## [2083] NA
## [2084] NA
## [2085] NA
## [2086] NA
## [2087] NA
## [2088] NA
## [2089] NA
## [2090] NA
## [2091] NA
## [2092] NA
## [2093] NA
## [2094] NA
## [2095] NA
## [2096] NA
## [2097] NA
## [2098] NA
## [2099] NA
## [2100] NA
## [2101] NA
## [2102] NA
## [2103] NA
## [2104] NA
## [2105] NA
## [2106] NA
## [2107] NA
## [2108] NA
## [2109] NA
## [2110] NA
## [2111] NA
## [2112] NA
## [2113] NA
## [2114] NA
## [2115] NA
## [2116] NA
## [2117] NA
## [2118] NA
## [2119] NA
## [2120] NA
## [2121] NA
## [2122] NA
## [2123] NA
## [2124] NA
## [2125] NA
## [2126] NA
## [2127] NA
## [2128] NA
## [2129] NA
## [2130] NA
## [2131] NA
## [2132] NA
## [2133] NA
## [2134] NA
## [2135] NA
## [2136] NA
## [2137] NA
## [2138] NA
## [2139] NA
## [2140] NA
## [2141] NA
## [2142] NA
## [2143] NA
## [2144] NA
## [2145] NA
## [2146] NA
## [2147] NA
## [2148] NA
## [2149] NA
## [2150] NA
## [2151] NA
## [2152] NA
## [2153] NA
## [2154] NA
## [2155] NA
## [2156] NA
## [2157] NA
## [2158] NA
## [2159] NA
## [2160] NA
## [2161] NA
## [2162] NA
## [2163] NA
## [2164] NA
## [2165] NA
## [2166] NA
## [2167] NA
## [2168] NA
## [2169] NA
## [2170] NA
## [2171] NA
## [2172] NA
## [2173] NA
## [2174] NA
## [2175] NA
## [2176] NA
## [2177] NA
## [2178] NA
## [2179] NA
## [2180] NA
## [2181] NA
## [2182] NA
## [2183] NA
## [2184] NA
## [2185] NA
## [2186] NA
## [2187] NA
## [2188] NA
## [2189] NA
## [2190] NA
## [2191] NA
## [2192] NA
## [2193] NA
## [2194] NA
## [2195] NA
## [2196] NA
## [2197] NA
## [2198] NA
## [2199] NA
## [2200] NA
## [2201] NA
## [2202] NA
## [2203] NA
## [2204] NA
## [2205] NA
## [2206] NA
## [2207] NA
## [2208] NA
## [2209] NA
## [2210] NA
## [2211] NA
## [2212] NA
## [2213] NA
## [2214] NA
## [2215] NA
## [2216] NA
## [2217] NA
## [2218] NA
## [2219] NA
## [2220] NA
## [2221] NA
## [2222] NA
## [2223] NA
## [2224] NA
## [2225] NA
## [2226] NA
## [2227] NA
## [2228] NA
## [2229] NA
## [2230] NA
## [2231] NA
## [2232] NA
## [2233] NA
## [2234] NA
## [2235] NA
## [2236] NA
## [2237] NA
## [2238] NA
## [2239] NA
## [2240] NA
## [2241] NA
## [2242] NA
## [2243] NA
## [2244] NA
## [2245] NA
## [2246] NA
## [2247] NA
## [2248] NA
## [2249] NA
## [2250] NA
## [2251] NA
## [2252] NA
## [2253] NA
## [2254] NA
## [2255] NA
## [2256] NA
## [2257] NA
## [2258] NA
## [2259] NA
## [2260] NA
## [2261] NA
## [2262] NA
## [2263] NA
## [2264] NA
## [2265] NA
## [2266] NA
## [2267] NA
## [2268] NA
## [2269] NA
## [2270] NA
## [2271] NA
## [2272] NA
## [2273] NA
## [2274] NA
## [2275] NA
## [2276] NA
## [2277] NA
## [2278] NA
## [2279] NA
## [2280] NA
## [2281] NA
## [2282] NA
## [2283] NA
## [2284] NA
## [2285] NA
## [2286] NA
## [2287] NA
## [2288] NA
## [2289] NA
## [2290] NA
## [2291] NA
## [2292] NA
## [2293] NA
## [2294] NA
## [2295] NA
## [2296] NA
## [2297] NA
## [2298] NA
## [2299] NA
## [2300] NA
## [2301] NA
## [2302] NA
## [2303] NA
## [2304] NA
## [2305] NA
## [2306] NA
## [2307] NA
## [2308] NA
## [2309] NA
## [2310] NA
## [2311] NA
## [2312] NA
## [2313] NA
## [2314] NA
## [2315] NA
## [2316] NA
## [2317] NA
## [2318] NA
## [2319] NA
## [2320] NA
## [2321] NA
## [2322] NA
## [2323] NA
## [2324] NA
## [2325] NA
## [2326] NA
## [2327] NA
## [2328] NA
## [2329] NA
## [2330] NA
## [2331] NA
## [2332] NA
## [2333] NA
## [2334] NA
## [2335] NA
## [2336] NA
## [2337] NA
## [2338] NA
## [2339] NA
## [2340] NA
## [2341] NA
## [2342] NA
## [2343] NA
## [2344] NA
## [2345] NA
## [2346] NA
## [2347] NA
## [2348] NA
## [2349] NA
## [2350] NA
## [2351] NA
## [2352] NA
## [2353] NA
## [2354] NA
## [2355] NA
## [2356] NA
## [2357] NA
## [2358] NA
## [2359] NA
## [2360] NA
## [2361] NA
## [2362] NA
## [2363] NA
## [2364] NA
## [2365] NA
## [2366] NA
## [2367] NA
## [2368] NA
## [2369] NA
## [2370] NA
## [2371] NA
## [2372] NA
## [2373] NA
## [2374] NA
## [2375] NA
## [2376] NA
## [2377] NA
## [2378] NA
## [2379] NA
## [2380] NA
## [2381] NA
## [2382] NA
## [2383] NA
## [2384] NA
## [2385] NA
## [2386] NA
## [2387] NA
## [2388] NA
## [2389] NA
## [2390] NA
## [2391] NA
## [2392] NA
## [2393] NA
## [2394] NA
## [2395] NA
## [2396] NA
## [2397] NA
## [2398] NA
## [2399] NA
## [2400] NA
## [2401] NA
## [2402] NA
## [2403] NA
## [2404] NA
## [2405] NA
## [2406] NA
## [2407] NA
## [2408] NA
## [2409] NA
## [2410] NA
## [2411] NA
## [2412] NA
## [2413] NA
## [2414] NA
## [2415] NA
## [2416] NA
## [2417] NA
## [2418] NA
## [2419] NA
## [2420] NA
## [2421] NA
## [2422] NA
## [2423] NA
## [2424] NA
## [2425] NA
## [2426] NA
## [2427] NA
## [2428] NA
## [2429] NA
## [2430] NA
## [2431] NA
## [2432] NA
## [2433] NA
## [2434] NA
## [2435] NA
## [2436] NA
## [2437] NA
## [2438] NA
## [2439] NA
## [2440] NA
## [2441] NA
## [2442] NA
## [2443] NA
## [2444] NA
## [2445] NA