
Family Medicine East, Chartered Alerts 6,800 Patients to ePHI Exposure


Family Medicine East, Chartered of Wichita, KS, has reported the theft of a computer from its Rock Road facilities. Thieves broke into the locked clinic on December 8, 2016 and stole a desktop computer and a printer. The computer, which was unencrypted, contained the protected health information of almost 7,000 patients.

Law enforcement was notified of the break-in and theft, although the individual(s) responsible have not been apprehended and the stolen computer has not been recovered.

The data on the computer were backed up, so the theft has not resulted in the loss of any ePHI, although an investigation of data backups did reveal that a considerable number of images and office notes were stored on the device.

The medical notes were mostly transcriptions of dictated physicians’ notes and related to patients who had visited Family Medicine East, Chartered for medical services between 2003 and 2004. The notes contained details of what was discussed during patients’ appointments and included patients’ names, birth dates, appointment dates, physicians’ names, symptoms, details of examinations, diagnoses and orders. In addition to the physicians’ notes, some letters were stored on the stolen device which detailed patients’ names and medical conditions. The letters related to referrals of patients to other physicians.

Family Medicine East, Chartered has now notified all affected patients of the breach and has reassured them that no financial information, Social Security numbers, or addresses were stored on the computer. Only images and notes typed by transcriptionists were exposed as a result of the theft.

Family Medicine East, Chartered pointed out in its notification letters that files should not have been stored on the computer and therefore were not flagged during risk analyses conducted prior to the theft. The files had been stored on the stolen device “as a result of an employee’s oversight” according to the clinic’s substitute breach notification letter.

Due to the nature of data stored on the device, Family Medicine East, Chartered says “it is hoped that the risk of information being misused is low,” although the clinic has agreed to make credit reports available to affected patients free of charge.

Prior to the theft, Family Medicine East, Chartered had already started the process of encrypting all devices that contained patients’ protected health information, and the clinic reports that the process has now been completed. Security at its facilities has also been augmented to reduce the risk of further burglaries.

Author: HIPAA Journal
