Share “Health care providers must notify patients...”

Health care providers must notify patients of breach

Attorney Cori Loomis of Crowe & Dunlevy discusses what Oklahomans should do if they fear their identities are at risk.
Oklahoman Published: August 20, 2014

Q&A with Cori H. Loomis

Health providers must notify

patients of identity theft breach

Q: The recent news reports that Chinese hackers stole 4.5 million patient names, Social Security numbers, addresses, birthdays and telephone numbers from Community Health Systems, which operates 206 hospitals across the U.S., including 10 in Oklahoma, has highlighted the risks associated with identity theft and its consequences. Will patients whose information was stolen be notified?

A: Yes. Health care providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to notify patients when their protected health information is compromised as a result of a breach. However, HIPAA permits providers as much as 60 days to notify. Therefore, consumers should be proactive in trying to minimize any negative ramifications.

Q: What are the risks to consumers of having their Social Security numbers (SSNs) stolen?

Continue reading this story on the...

by Paula Burkes
A 1981 journalism graduate of Oklahoma State University, Paula Burkes has more than 30 years experience writing and editing award-winning material for newspapers and healthcare, educational and telecommunications institutions in Tulsa, Oklahoma...
+ show more


  1. 1
    Florida State Seminoles QB De'Andre Johnson dismissed by program after video shows him striking...
  2. 2
    Why People Post Annoying Status Updates on Facebook
  3. 3
    'Can't Buy Me Love' Actress Dies at 43
  4. 4
    Bill Cosby said he got drugs to give women for sex
  5. 5
    Reports: David West agrees to veteran minimum deal to play for Spurs
+ show more