3 New US Breaches Affect 20,000+

The new HHS/OCR web site has added three more US breach reports:

Montefiore Medical Center
Date of Breach: 2/20/10
State: New York
Individuals Affected: 625
Type of Breach: Laptop Theft

Private Practice
Date of Breach: 2/20/10
City and State: San Antonio, Texas
Individuals Affected: 21,000
Type of Breach: Portable Electronic Device Theft

Aspen Dental Care P.C.
Date of Breach: 10/04/09
State: Colorado
Individuals Affected: 2,500
Type of Breach: Theft

None of these breaches had been reported in the media to my knowledge.  Unfortunately, because of the type of summary HHS/OCR has chosen to provide, we do not know if any SSN or financial information were also involved in the breaches.  The second breach highlights a liability and disclosure issue: private practitioners’ names are being shielded.  Here you have a practitioner who has a device with unsecured protected health information on 21,000 patients stolen, and you cannot tell who it is.  If you lived in San Antonio, wouldn’t you want to know whether a doctor you were considering using had left Personal Health Information unsecured?