In a public notice, Sutter said police found protected health information during an “unrelated investigation” but the organization does not know what the investigation was about. The Sacramento Business Journal reports the information was discovered during a drug bust at a house in Oakland.
Sutter believes patients at four hospitals in Berkeley, Oakland, Antioch and Castro Valley were affected. Information found at the house may have included name, address and zip code, Social Security number, marital status, date of birth, gender, name of employer, and home and work phone numbers. Sutter is offering affected patients one year of paid identity theft protection services.
This is the third major breach for Sutter under the federal breach notification rule. In May 2011, lost paper records affected 1,192 patients. Sutter suffered a huge breach when computer equipment containing protected information on 4.24 million patients was stolen. An investigation revealed that information on 943,434 patients was most sensitive and that is the number listed on the HHS Office for Civil Rights Web page of major breaches. A multi-billion dollar class action lawsuit is winding its way through the California court system.
Article Sourced From: http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-identity-theft-46262-1.html