Breaches are not always caused by lost laptops or hackers. They often result from simple errors by the hospital's or another provder's own staff. In a very recent example, the California Department of Public Health found two instances of serious mishandling of protected patient information at Children's Hospital of Orange County. Via Orange County Register:
In the first instance, the state found that after a doctor called to give the hospital a new fax number, patient records were instead sent to an auto business. Six faxes with health care information were picked up from the business, the report says.
A month later, the auto shop again notified the hospital that it had received a fax with a patient's name, date of birth and details of visits. The hospital discovered that the wrong fax number had not been changed in a data base.
Hospital staff said the breach would have been prevented if a test fax had been sent as required by hospital policy, the report said.
The other privacy breach occurred when the name of an emergency room patient's doctor was incorrectly entered into the system. Records were then faxed to the wrong doctor who notified the hospital.
CHOC is auditing its database to make sure information is accurate.
"State blames CHOC in wrong-site surgery," Orange County Register (June 25, 2010).