Dedicated to providing the latest
HIPAA compliance news

Florida Medical Clinic Notifies 1,000 Patients of Privacy Breach

Share this article on:

Florida Medical Clinic, PA., has notified 1,000 patients that their due balance statements were exposed online as a result of a misconfiguration of its Patient Portal.

Between November 18, and January 6, 2016., due balance statements of some patients were viewed by industrial account patients when they logged onto the Patient Portal. Only a limited amount of patient data was viewable so there is not believed to be a high risk of patients coming to harm or suffering losses as a result of the breach.

Patients’ names, mailing address, provider names, dates of service, descriptions of procedures, and charges due were viewable by individuals unauthorized to view the information. At no point were Social Security numbers, dates of birth, credit card numbers, financial information, or other highly sensitive data accessed.

Upon discovery of the privacy breach, Florida Medical Clinic launched an investigation which revealed that the vendor of its Patient Portal – Greenway Health – had turned on a setting on the Portal by accident which resulted in due balance statements being viewable by other individuals.

The patients affected by the breach were those that used a guarantor to pay for medical services received from Florida Medial Clinic. Guarantors include organizations that conduct pre-employment screenings and supply them to potential employees. Affected individuals had their statements viewed by another member who was also on the victim’s industrial account.

Upon discovery of the misconfiguration, access to accounts was shut down to prevent any further privacy breaches until the problem was resolved. Florida Medical Clinic has also worked with its vendor to develop new protocols to prevent similar breaches from occurring in future.

Florida Medical Clinic has not received any reports to suggest the privacy breach has resulted in patients coming to harm, or that patient data have been used inappropriately. Patients concerned about the exposure of the above information can obtain a copy of their credit report from any of the three credit reference agencies without charge.

Florida Medical Clinic has advised patients that since they are entitled to one free report from Equifax, Experian, and TransUnion once every twelve months, they should obtain the reports one at a time and should spread them out to get the maximum benefit.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On