Healthcare Information Security

Latest Health Data Breaches News

Improper Disposal Leads to Potential Healthcare Data Breach

Recent potential healthcare data breaches were caused by improper disposal, theft, and unauthorized emails.

By Elizabeth Snell

Community Mercy Health Partners (CMHP) reported that patient records were found in a recycling dumpster on November 27, 2015.

Healthcare data breaches stem from improper disposal and document theft

CMHP said it was contacted by law enforcement about the records, and that it immediately sent employees to the recycling site in order to collect the records. All documents were reportedly retrieved and then CMHP began an internal investigation.

It was concluded that a CMHP vendor disposed of lab records by placing them in the dumpster on November 25, 2015, according to CMHP. Potentially exposed information may have included patients’ names, physicians’ names, accession numbers, types of study, guarantor information, health insurance information, diagnoses, and other clinical information. Social Security numbers and driver’s license numbers may also have been included in some instances.

While the CMHP statement did not specify how many individuals were possibly affected, the OCR data breach reporting tool states that 113,528 individuals were impacted.

In its data breach notification, CMHP said it regretted that the incident took place, and outlined changes that were being taken to ensure the same thing does not happen again.

“To help prevent this from happening in the future, we have taken steps to re-inventory all document storage locations, significantly reduced or eliminated retention of paper documents when the information is electronically available, and re-educated our facilities management contractors on the requirements for physical storage relocation projects.”

Document theft causes healthcare data breach for Calif. practice

The California-based office of Michael S. Benjamin, M.D. is notifying some patients that their information may have been exposed following the theft of “a small number of patient charts” in November 2015.

A notice posted to the Los Angeles Daily News explains that police were immediately notified when the theft was discovered and that a suspect was identified and taken into custody. While many stolen documents were recovered, the notice adds that patients should still closely monitor all of their accounts and credit information.

The paper charts possibly contained patients' names, addresses, phone numbers, dates of birth, marital statuses, spouses' names, Social Security numbers, referring physicians, insurance information, lab values, and height, weight, and blood pressure for each office visit.

“Please be advised that there is minimal medical information contained in the paper charts as our office uses a secure electronic medical record system that was undisturbed to store patient private medical information,” the statement explains.

According to the OCR data breach reporting tool, 1,300 individuals were affected by the incident.

Patient info. exposed after personal email sent at Alaska facility

Alaska Orthopedic Specialists is notifying patients that a former non-physician employee potentially exposed sensitive information.

The employee reportedly sent an unauthorized email that contained copies of patient information to the employee's personal email account. The incident happened after Alaska Orthopedic Specialists had closed its Anchorage location, which took place in March 2015.

In the following year, Alaska Orthopedic Specialists discovered that the email had been sent. However, the organization explained in its statement that it has “taken steps to secure the return of all information.”

“All patients impacted by this incident have been sent notification and offered identity theft protection services,” the statement reads. “At this time, there is no evidence of disclosure or use of the information taken by the former employee.”

The practice did not specify what information may have been exposed or how many patients were possibly affected. However, OCR reports that 553 individuals were impacted by the incident.  


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...