New York Doctor Informs Patients of Disclosure of their PHI


A New York doctor has begun informing patients that their PHI has been exposed and has been possibly retrieved by illegal people.

Ruben U. Carvajal, MD was warned of a probable secrecy breach on January 3, 2018 and informed that some of his patients’ health information was available over the Internet. An inquiry into the probable secrecy breach was initiated and the problem was reported to the New York Police Division and the Federal Bureau of Investigation (FBI).

FBI detectives visited his office and checked his computer. On February 18, 2018, the FBI verified that the EMR program on his computer had been retrieved by an illegal person. A forensic detective was called in to carry out a detailed investigation to decide the type and range of the breach.

On May 22, 2018 the forensic detective decided that the doctor’s computer had been retrieved by an illegal person between December 16, 2017 and January 3, 2018.

Any person that gained access to the physician’s computer might have gained access to the EMR system, even though the forensic inspection didn’t verify whether the program was retrieved, even though based on the discoveries of the FBI it can be supposed that this was the case.

The kinds of information that were possibly seen and/or copied contained names, health insurance details, medications, lab test results, treatment information, diagnoses, medical histories, birthdates, addresses, and claims information. Patients that get Medicare also had their Medicare ID numbers and Social Security numbers revealed.

Dr. Carvajal began informing patients regarding the breach on July 17, 2018 and patients have been offered free credit checking and identity thievery protection facilities. Measures have now been taken to improve safety to avoid similar breaches from happening in the time to come.

The breach report presented to the Division of Health and Human Services’ Office for Civil Rights shows 3,775 patients have had their PHI revealed.