July 7, 2018
In the past few days, Associated Dermatology & Skin Cancer Clinic of Helena, MT, has informed a breach of physical protected health information (PHI) that might have affected as many as 1,254 patients.
A journal controlled by a worker of Associate Dermatology was taken from her automobile on May 26, 2018. A thief entered the automobile and thieved the personal journal, which saved information in order to assist the person with the delivery of care to patients.
The diversity of information saved in the journal included names and ages of patients, their referring doctors, patients whose protected health information has been accessed by the thief had received medical services through Associated Dermatology between September 1, 2017 and May 24, 2018, reasons for visits, and visit comments, short notes on patients’ medical records.
Although highly confidential details – the type that can be used to thieve identities – were not saved in the journal, there is a probability that the information might be abused, even though no reports have been received so far to indicate that is the situation.
The gravest danger is the use of the information in social engineering or phishing cheats that attempt to get patients to disclose more information like Social Security numbers, dates of birth, and health insurance details. Patients have been recommended to be careful in light of such cheats.
The breach has led to Associated Dermatology to adapt more protections in order to make sure all types of PHI are protected as well as future cases of this type are alleviated.
The thievery has been made known to law enforcement authorities who are trying to find the journal. The case will also be made known to all applicable authorities, including the Division of Health and Human Services’ Office for Civil Rights (OCR), in due course.