An individual in Florida was recently arrested and tried for causing a healthcare data breach that compromised patients’ PHI.
The arrest of one individual soon led to the realization that patients’ protected health information (PHI) had been compromised.
A small number of paper documents were stolen from a Florida behavioral health facility in August, and the alleged thief was tried for identity theft, according to the organization’s website. The Kirkbride Center stated that a “census sheet,” which contained patients’ names, addresses, some Social Security numbers, dates of birth, and limited insurance or medical information, was found when the individual was arrested.
The healthcare data breach involves the information of 922 patients. However, Kirkbride added that the stolen documents were recovered and there has been no indication of a misuse of the sensitive data.
“The theft occurred on certain dates in 2012 and 2013 and was discovered and reported to Kirkbride by the U.S. Attorney’s office in August 2014,” the statement explained. “An investigation by Kirkbride confirmed that only certain paper reports for certain dates containing some patient data were stolen. Kirkbride cooperated fully with law enforcement. A suspect was identified, arrested, and recently tried.”
In a separate statement, Kirkbride President and CEO Rose DiOttavio said that while it is still unclear how the individual obtained the sensitive documents, Kirkbride has modified its internal reports and policies to protect against future occurrences.
“We want to express our sincere regret to the patients of our Center whose personal information was stolen from our facility,” DiOttavio said. “We immediately began an investigation as to how these documents may have been stolen from the facility. The notification was delayed as a result of the law enforcement investigation.”
Moreover, Kirkbride has arranged for AllClear ID to provide 12 months of identity protection, at no cost to the patient, to anyone whose personal information was exposed on the paper documents, DiOttavio explained.
Employee error causes breach of patient privacy
The importance of training employees on the proper procedures when it comes to handling PHI has been discussed on this blog numerous times. Without a thorough understanding of HIPAA administrative safeguards, staff members could inadvertently cause a healthcare data breach.
Unfortunately, an incident at a New York health facility appears to have been caused by this very issue. MetroPlus Health Plan announced on its website that one of its employees sent an email containing patient names, member identification numbers, dates of birth, and Social Security numbers to their personal account instead of their MetroPlus-assigned email account.
“This action was done in violation of MetroPlus policy and the appropriate disciplinary action has been taken,” the organization stated. “There is no evidence that information has been misused, and we believe that the likelihood of such misuse is low.”
Affected members have been notified and were offered reimbursement for a one-year membership in Experian’s Triple Alert credit monitoring product. While not going into specific security measures, MetroPlus explained that it has implemented new practices to better protect patient data.