Share “Health care providers must notify patients...”

Health care providers must notify patients of breach

Attorney Cori Loomis of Crowe & Dunlevy discusses what Oklahomans should do if they fear their identities are at risk.
Oklahoman Published: August 20, 2014

Q&A with Cori H. Loomis

Health providers must notify

patients of identity theft breach

Q: The recent news reports that Chinese hackers stole 4.5 million patient names, Social Security numbers, addresses, birthdays and telephone numbers from Community Health Systems, which operates 206 hospitals across the U.S., including 10 in Oklahoma, has highlighted the risks associated with identity theft and its consequences. Will patients whose information was stolen be notified?

A: Yes. Health care providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to notify patients when their protected health information is compromised as a result of a breach. However, HIPAA permits providers as much as 60 days to notify. Therefore, consumers should be proactive in trying to minimize any negative ramifications.

Q: What are the risks to consumers of having their Social Security numbers (SSNs) stolen?

Continue reading this story on the...

by Paula Burkes
A 1981 journalism graduate of Oklahoma State University, Paula Burkes has more than 30 years experience writing and editing award-winning material for newspapers and healthcare, educational and telecommunications institutions in Tulsa, Oklahoma...
+ show more


  1. 1
    Trade deal opens immigration floodgates, OK's future Obama changes, senator says |...
  2. 2
    Could Ebola become an AIDS-like sexually transmitted disease?
  3. 3
    On 'Star Wars' Day, May the Fourth be with you
  4. 4
    McDonald’s has "revival" plan for fast-food
  5. 5
    Boko Haram freed women tell of captivity horror
+ show more