A Mercy Health Love County Hospice breach has possibly affected over 13,000 patients in Oklahoma.
On June 23, 2017, the hospice learned a worker had stolen a laptop computer as well as paper files from a storing unit utilized by the hospice. As per the breach notice released by Mercy Health, the files of 10 patients were taken from the storing unit together with the laptop.
The thievery of PHI was primarily probed by the Love County Sheriff’s Office. That probe disclosed the former worker had utilized the stolen info to illegally get credit cards in the patients’ names. Another person is also assumed to have been implicated.
Although Mercy Health had up to 60 days to inform patients of the breach according to HIPAA Laws, all 10 patients were informed instantly. Mercy Health is co-operating with the United States Postal Services, the Love County Sherriff’s Office, and the U.S. Secret Service which are all probing the case.
Mercy Health stated in its breach notice, “Even though there is no proof that records pertaining to patients apart from the 10 patients initially identified were retrieved or gotten without approval, Mercy is nevertheless notifying the public of the case.” All impacted patients have been provided 12 months of credit checking and identity thievery repair facilities free of charge.
Mercy Health Love County Hospital, as well as Clinic Administrator, Richard Barker stated, “We are taking measures to safeguard all patient information to avoid anything similar from occurring.”
Although it would seem that the files of just 10 patients were stolen, a statement presented to the Division of Health and Human Services’ OCR shows a breach has been experienced involving 13,004 film/paper records.
It’s presently not clear whether the storing unit had the files of 13,004 patients, however just 10 patients’ records were taken, or if this is a single case. HIPAA Journal got in touch with Mercy Health for an explanation, however, has not yet received a reply.