8,000 Patients Informed of PHI Disclosure After Office Robbery

A partial amount of protected health information (PHI) of nearly 8,000 patients of Brevard Doctor Companions has been revealed after a desktop computer was lifted in a robbery.

The case happened on September 4, 2017 – Labor Day – when the workplaces were shut. In the early morning, robbers entered in illegally and stole 3 desktop computer systems.

The robbery activated the alarm system and law enforcement agency reacted to the case, even though not in time to arrest the crooks. A forensic investigation of the office was carried out, even though so far the people responsible haven’t been captured and the computers not regained.

Two of the computer systems didn’t contain any PHI, however, the 3rd computer had 5 audit records kept on the hard drive. The info in those audit records was partial, even though there was enough info to necessitate the delivering of breach notices to patients.

Brevard Physician Associates proceeded swiftly and dispatched breach notification letters to affected patients perfectly within the timeframe permitted by the HIPAA Breach Notice Law. Altogether, 7,976 patients were possibly affected and had the following information revealed: Names, CPT codes for the facilities provided, names of insurance providers, and the amounts charged for facilities.

The HIPAA Safety Rule doesn’t require the use of encryption, even though if the decision is taken not to encrypt files, a substitute, corresponding control should be exercised to protect the integrity, confidentiality, and obtainability of PHI. Although the computer systems were not encoded, they were safeguarded with keywords and strong keywords had been utilized. Brevard Physician Companions also informs that the appliances can be distantly wiped of all files, and that protection has been activated. If the appliances are linked to the Internet, files will be distantly erased.

Brevard Physician Companions believes the danger – and future danger – of fraud and identity theft as a consequence of the happening is negligible. Although addresses, telephone numbers, dates of birth, financial information, Social Security numbers and insurance ID numbers were not revealed and couldn’t be retrieved by the thieves, the decision has been taken to offer all impacted patients 12 months of free credit checking facilities.

Brevard Physician Companions must be praised for its swift breach response, quick issuing of notices, and for the measures taken to alleviate risk.