Kaiser reports second fall data breach
November 26, 2013 in Medical Technology
In its second reported data breach this fall, Kaiser Permanente is notifying patients seen at its Anaheim Medical Center that their protected health information has been compromised after a USB flash drive containing patient data went missing.
The USB drive was discovered missing Sep. 25, according to patient notification letters sent out Nov. 25. Patient names, dates of birth and medical records numbers were all contained on the drive.
“On behalf of Kaiser Permanente, we offer our sincerest apology that this unfortunate incident occurred,” wrote Julie Miller-Phipps, senior vice president and executive director of Kaiser Foundation Hospitals Orange County, in the letter. “We assure you that safeguarding your information is one of our highest priorities.”
[See also: Kaiser Permanente sends out breach letters after email gaffe.]
Kaiser officials did not immediately return a comment regarding breach details and the number of patients affected by the breach.
Kaiser Permanente also in September notified 670 patients of a HIPAA breach after an emailed attachment containing the protected health information of patients was sent to a recipient outside the Kaiser network. Patient names, medical record numbers, email addresses, employers, phone numbers, department names and appointment dates for health screenings were sent to the recipient.
HIPAA covered entities and business associates responsible for violating HIPAA privacy and security rules by failing to safeguard patient protected health information could face a potential up to $1.5 million in annual fines.
This story will be updated.