Archive for HIPAA Violations
Anthem subscribers are rallying together to file lawsuits in response to the cyberattack on the insurer that exposed the PHI of 80 million current and former Anthem subscribers, according to the Times Union.
Subscribers filed class-action lawsuits against Anthem in Alabama, California, Georgia, and Indiana. Each lawsuit seeks more than $5 million in damages.
The PHI of 5,117 patients treated at a physician group affiliated with St. Peter’s Health Partners in Albany, New York, was exposed when a manager’s cellphone was stolen, according to www.bizjournals.com.
The stolen cellphone had access to corporate email systems and PHI for patients of St. Peter’s Medical Associates, P.C., including:
- Patient names
- Dates of birth
- Days, times, and locations of medical appointments
- General descriptions of reasons for appointments
The PHI was primarily limited to that of patients treated from August to November 2014. Health system officials learned of the cellphone theft November 24, 2014. Home addresses and phone numbers of two patients were listed in an email that could be accessed from the phone. The health system notified all affected patients, according to www.bizjournals.com.
Indiana Attorney General Greg Zoeller recently reached a $12,000 settlement for HIPAA violations with a former dentist accused of improperly disposing of medical records, according to Legal Newsline.
The Indiana Board of Dentistry revoked Joseph Beck’s license to practice in Indiana over allegations of negligence and fraudulent billing practices. More than 60 boxes of medical records of patients treated by Beck from 2002 to 2007 were found in an Indianapolis dumpster in 2013, not long after his license was revoked. The boxes contained the PHI of more than 5,600 patients including full names, phone numbers, addresses, and Social Security numbers, according to Legal Newsline.
Beck allegedly hired the third-party vendor Just the Connection, Inc., in Carmel, Indiana, to dispose of the records, according to Legal Newsline.
The St. Louis County Health Department recently discovered that a document containing PHI was emailed to the personal account of a former employee, according to the St. Louis Post-Dispatch.
The document listed names and Social Security numbers of inmates treated at Buzz Westfall Justice Center in Clayton, Missouri, from 2008 through 2014. The St. Louis County Health Department instructed the former employee to delete the document. The department did not identify the former employee by name, but said she resigned in November 2014 after being employed by the department for 25 years. The former employee held a clerical position and her duties involved verifying medical claims information for inmates, the St. Louis Post-Dispatch reported.
The health department notified authorities and affected patients of the breach, although there is no indication that the information in the PHI in the document was misused. The department is taking precautions to ensure an incident like this will not occur again. It will continue conducting annual HIPAA training, according the St. Louis Post-Dispatch.
Northwestern Memorial Healthcare in Chicago recently notified 2,800 patients of a breach that occurred when a password-protected, unencrypted laptop was stolen from an employee’s vehicle, according to a notice on the health system’s website.
The laptop may have contained the following patient information:
- Dates of birth
- Health insurance information
- Billing codes
- Dates of service
- Physicians’ names
- Medical record numbers
- Treatment information
In some instances, patients’ Social Security numbers may have been listed. The health system learned of the theft the date it occurred, October 21, 2014. It began sending letters to affected patients December 19, 2014.
The employee who had been in possession of the laptop contacted law enforcement officials after learning of the theft. The health system subsequently began its own investigation, according to the notice.