News Feature | February 5, 2014

HIPAA Breach Exposes 42,000 In Wisconsin

Source: Health IT Outcomes
Christine Kern

By Christine Kern, contributing writer

Unity Health Plans reveals breach of health care records, affects some 42,000 individuals

Healthcare IT News reports Unity Health Plans Insurance Corporation discovered an unencrypted portable computer hard drive containing individual health records was missing from the University of Wisconsin-Madison School of Pharmacy which had this information as part of a benefits program evaluation. As a result, Unity - which serves approximately 140,000 members - “has notified nearly 42,000 of its members that their protected health information may have been compromised following a HIPAA privacy breach.”

In a disclosure notice on Unity’s website, the company issued an apology to its members and an assurance that they are taking proper steps to correct the breach and protect the safety of member information. The missing hard drive did not contain the name, street address, Social Security Number, credit card, banking or financial information of any Unity member.

The Press release state, “The information on the hard drive included some protected health information relating to certain prescription drugs. The information on the hard drive was limited to the Unity member number, date of birth, city of residence, name of drug, and date of service, if any. We have identified 41,437 members who may have been affected. We are notifying each of those members by letters mailed January 29, 2014.”

Further, it assured that there is no reason to believe the hard drive was stolen to gain access to member information or that this information has been accessed or misused in any way. To date, only 17 of the more than 80,000 HIPAA breach cases OCR has received since 2003 have resulted in fines.

Just this past December, the five-hospital Riverside Health System in southeast Virginia announced that the PHI of nearly 1,000 patients had been compromised in a privacy breach that continued for four years. From September 2009 through October 2013, a former Riverside employee inappropriately accessed the Social Security numbers and electronic medical records of 919 patients. The breach wasn't discovered until Nov. 1 following a random company audit.

Want to publish your opinion?

Contact us to become part of our Editorial Community.