World Renowned Cancer Center Reports Third PHI Data Breach in 2012

Posted on by Frank J. Rosello

The MD Anderson Cancer Center at the University of Texas has sent letters to about 2,200 patients whose unencrypted medical records may have been compromised on a lost thumb drive. It’s the third possible data breach this year for the center.

According to a statement from MD Anderson, a trainee lost the storage device on employee shuttle bus July 13. The missing records included patients’ names, dates of birth, medical record numbers, diagnoses, and treatment and research information

There were about 2,200 letters sent, said Julie Penne, an MD Anderson spokeswoman.

On April 30, a laptop with the unencrypted records of 29,201 MD Anderson patients was reported stolen from a physician’s home, according to the hospital and the official breach notification list kept by the Office for Civil Rights at HHS.

In January, nearly 4,000 patients were notified their insurance claim records were on a laptop stolen from the home of a PriceWaterhouseCoopers employee, although those records were encrypted.

“There are a number of educational programs under way,” Penne said. “We’ve already encrypted 26,000 computers today and plan to do the rest in the next couple of months.” In addition, she said, the hospital has ordered 5,000 pre-encrypted thumb drives.

Can PHI data breaches be avoided and data security threats effectively mitigated?


At Environmental Intelligence, we understand what is required and necessary to mitigate the risks of PHI data breaches.  Our team of expert Health IT consultants, technicians and engineers along with the financial services compliance expertise of our executive management team, has established a proven track record of deploying effective internal processes and routines designed to proactively mitigate enterprise-wide data security risks within public and private medical organizations of all sizes.

Managed Network Services, which is part of our Complete Health IT Solutions suite of services,  includes 24/7 Protected Health Information (PHI) Access and Security Monitoring.  Combined with our HIPAA Privacy and Security Rules Compliance Consulting and Enterprise Network Security Architecture Consulting and Installation, our clients realize high levels of HIPAA data security compliance and confidence that comes with our partnership and expertise.

Click here for best practices on PHI data security for your practice or organization.

Since reporting began in September 2009, the Office for Civil Rights (OCR), the division within the U.S. Department of Health and Human Services (HHS) that promotes and ensures covered medical organizations compliance with HIPAA Privacy and Security Rules of protected health information (PHI), posts on its website details about medical records breaches affecting 500 or more individuals, has 489 breach incidents on the list involving more than 21 million people to date.

Frank J. Rosello

is CEO & Co-Founder of Environmental Intelligence LLC.

Environmental Intelligence, LLC, is a complete, full-service healthcare IT solution provider. With a team having more than 10 years of proven clinical expertise in delivering end-to-end health IT solutions, Environmental Intelligence provides medical practices and facilities onsite expert IT consulting, installation, and implementation that is focused on physicians, their patients, and the quality of their care.

Contact us to learn more about our Physician Focused – Patient Driven® approach to Health IT.


Leave a Reply

Follow GOEILLC on LinkedIn Follow GOEILLC on Twitter