Healthcare Workers Accused of Taking PHI to New Companies


Two HIPAA-covered entities are alerting patients that a former worker accessed databases and stole PHI to take to a new company.

Former Hair Free Forever Employee Contacts Patients to Solicit Customers

Hair Free Forever, a Ventura, CA-based provider of permanent hair removal treatments, has announced that a former worker stole patient information and has been contacting its patients in an attempt to solicit customers.

The business uses thermolysis to permanently remove hair. As the technique is classified as a medical procedure, Hair Free Forever and its workers are required to comply with HIPAA Rules.

In a data breach notification provided to the California attorney general, Hair Free Forever’s Cheryl Conway notifies patients that the former worker accessed patient files and the business’s database and stole patients’ PHI, in clear violation of HIPAA Rules. The data theft came to light when complaints were received from customers who had been contacted and told about the former worker’s new practice.

An investigation into the security breach revealed that the former worker stole information such as names and contact information, details of medications taken, physicians’ names, diagnoses and treatment information, details of mental and physical condition, medical histories, dates of birth, and intimate personal photographs. Hair Free Forever says that efforts have been made to safeguard patients’ PHI.

It is currently unclear exactly how many patients have been affected, because the incident has yet to appear on the Department of Health and Human Services’ OCR breach portal, even though a breach report has been submitted.

Cheryl Conway wrote, “Apart from the ethical and moral neglect of secrecy problems… this illegal behavior carries substantial penalties, fines, and legal consequences.” A complaint has been filed with OCR over the HIPAA violation.

Former Muir Medical Group Worker Takes PHI to New Company

A similar incident occurred at Muir Medical Group IPA, an independent doctors’ association based in Walnut Creek, CA. A report on the breach was issued in late May, although at the time it was uncertain how many patients were affected. The incident has now appeared on the OCR breach portal, which shows that the information of 5,485 patients was taken by a former worker and provided to her new company.

The data leak was discovered by Muir Medical Group on March 7. A third-party computer forensics company was hired to investigate the breach and found that the following information had been taken by the former worker: names, medications, treatment information, test results, diagnoses, phone numbers, addresses, and Social Security numbers. Affected patients had received treatment between November 2013 and February 2017.

All patients whose PHI was taken by the former worker have been offered free credit monitoring services for 12 months.