A huge, nationwide data breach that affected nearly 100,000 people six years ago is just now coming to light, and you won't believe how red tape got in the way of this critical information from getting to you. Worse, your Social Security number may have been exposed in the breach.
The incident occurred between 2009 and 2010 during what turns out to be a relatively common occurrence. Health information, including names and Social Security numbers, was accidentally revealed to a contracted company when the American College of Cardiology's computer system was being redesigned.
When testing it new computer system, the ACC wasn't using real patient data, in case something went wrong. Except, in one test it accidentally did reveal sensitive patient information from 1,400 medical facilities around the country.
Yet, all these years later, the details of this massive data breach are only now coming to light. Why? The short answer: bureaucratic red tape.
First, data breaches that affect less than 500 people do not have to be reported to the Department of Health and Human Services, according the Health Insurance Portability and Accountability Act (HIPAA).
Second, it's up to each of the affected medical facilities to alert their own patients about the data breach. Most of the 1,400 healthcare facilities affected by this breach weren't required to do that.
The reason we now know about this years-old data breach is because one hospital, Sacred Heart Health System in Florida, last week issued a statement about the breach.
Note: Keep a lookout for news about this breach from your healthcare providers. And keep reading Happening Now. We'll let you know if any other hospitals fess up to having exposed your health information.