Healthcare Data Breaches Slow To Surface

December 2, 2009 by ADMIN

By Doug Pollack, Chief Marketing Officer for ID Experts

Since the HITECH Act data breach notification provisions became effective this past September 23, 2009, I’d recently become curious about the number and nature of data breaches that would start to appear on the website at the Department of Health and Human Services (HHS).

The HHS Rules require healthcare organizations (specifically HIPAA covered entities) to report to HHS any data breach incidents that have affected over 500 individuals, shortly after the breach is discovered.

I noticed that the Identity Theft Resource Center (ITRC) 2009 ITRC Breach Report, a terrific compendium of public information from numerous sources on data breach incidents, had captured numerous healthcare data breaches since the September 23rd effective date.

And of course there have been several very high-profile healthcare data breaches recently, including the Blue Cross Blue Shield Association breach that affected over 850,000 of their medical providers, as well as the recent Health Net data breach affecting over 1.5MM individuals.

So with great anticipation I visited the HHS website where there is a section on the Breach Notification Rule and clicked on the following link:

“View Breaches Affecting 500 or More Individuals. OCR must post a list of breaches that affect 500 or more individuals.  View a list of these breaches.”

And surprisingly, there was nothing there.

Now, it is very hard to imagine that no data breaches have been detected since September 23rd that affected over 500 individuals and would have had the potential to lead to harm for the affected population.

So, I’m perplexed as to why there aren’t any data breaches over 500 individuals yet listed by HHS.

I guess it is possible that some healthcare providers may still be unaware of the reporting mandate, but it would seem unwise of others that are aware of the breach notification provisions and have experienced a sizable data breach to neglect to comply with the mandatory HHS reporting requirement.

If anyone can shed light on the lack of content on the HHS data breach notification site, I think it would be of interest to all of us who are watching to see whether the public reporting provisions of the HITECH Act will result in more responsible behavior by entities to expose our protected health information (PHI).

Medical Identity Theft Risks

It is unfortunate that while we have very clear rights to access and correct our financial records, we don’t have similar rights when it comes to our medical records.

While this hasn’t been a high level concern for patients up until now, because the majority of fraud thus far has mostly impacted the healthcare insurers, the implications for all of us are getting more and more serious.

This segment describes a situation where a young woman’s social security number at the Red Cross became associated with a patient who visited a clinic in another state, years ago, who had AIDS.

It illustrates the difficulty that one has in correcting such issues with our medical identities.

*   *   *


Doug Pollack has 20+ years of industry experience in computing, networking, and software. He currently resides in Portland, Oregon and is Chief Marketing Officer for ID Experts, leader in data security breach prevention and remediation. His background includes over 13 years in Silicon Valley in management positions at Apple, 3Com, and a software startup that grew to $25MM and an IPO. After relocating to Oregon, Doug led marketing & business development for GemStone Systems, a Java technology company with close ties to Sun Microsystems & IBM, to an acquisition in 2000. Doug has also acted as interim CEO for two venture-backed software startups and prior to ID Experts was VP of marketing and business development for Digimarc, a $100MM publicly traded corporation (DMRC). Doug’s educational background includes a BSEE from Cornell University and an MBA from the Stanford Graduate School of Business.

ID Experts provides data breach solutions, risk assessment, forensic investigation and fully managed victim identity restoration to corporations, financial institutions, healthcare organizations and government agencies. As a leader in data breach prevention and remediation, the company has managed hundreds of data breach events, protects millions of individuals from identity theft and authored the Identity Crime Victim’s Bill of Rights. ID Experts is actively involved with industry organizations including ANSI/Identity Theft Prevention and Identity Management Standards Panel, International Association of Privacy Professionals, Internet Security Alliance, and the Santa Fe Group.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


Comments

2 Comments on Healthcare Data Breaches Slow To Surface

    [...] breaches often get a mention in a local or state paper, but rarely do they make national headlines.  Over the past two months, there have been numerous breaches, [...]

