Baxter Regional Home Health Alerts Patients to Potential PHI Exposure

Baxter Regional Home Health is alerting patients to a potential breach of their protected health information following a break-in at its facility in Cotter, Arkansas.  The break-in occurred during the night and was discovered on August 5, 2016.

The thieves did not steal any equipment containing electronic patient health information, but hard copy files were present in the facility. While Baxter Regional Home Health does not believe that any files were taken by the thieves, it is possible that PHI was viewed. The files contained a range of PHI including the names of patients who had previously received treatment from the facility. Baxter Regional Home Health employees were also potentially impacted.

The data in the files included patients’ names, phone numbers, addresses, Social Security numbers, dates of birth, government ID numbers, diagnostic information, and insurance details. Employee information included names, phone numbers, addresses, dates of birth, information about past employers, and licensure information.

The breach notice posted to the organization’s website does not indicate how many individuals have been impacted, although the breach report submitted to the Department of Health and Human Services’ Office for Civil Rights shows the PHI of 2,124 individuals was potentially compromised.

Security at the facility is being improved to further protect patient health data. Locks have been changed and an alarm system and security cameras will be installed.

Baxter Healthcare Informs Patients of Privacy Breach

Illinois-based Baxter Healthcare has informed patients of a privacy breach that exposed their email addresses to members of the Patient Advisory Council. On September 15, 2016, an employee sent an email to 992 patients inviting them to take part in the Patient Advisory Council. However, the email addresses of patients were accidentally added to the ‘To’ field, rather than the BCC field, which masks email addresses from other members of the email group. No sensitive PHI was exposed as a result of the error.

Baxter Healthcare discovered the error the following day and attempted to recall the message, although it had already been delivered and had been viewed by a number of patients. To prevent future incidents such as this, Baxter Healthcare has provided additional training to employees. Additional safeguards are also being evaluated.

Author: HIPAA Journal
