Oak Cliff Orthopaedic Associates Alerts Patients to Potential PHI Breach
More than 1,000 current and former patients of Oak Cliff Orthopaedic Associates have been notified that unauthorized individuals may have viewed some of their protected health information.
Boxes of paper business records and other items were stolen from an off-site storage facility used by the Dallas orthopedic firm. It is currently unclear when the theft occurred and how long the thieves had access to the information, although the theft was discovered on October 17, 2016.
The documents contained patients’ names, addresses, and medical record numbers, although an investigation revealed that some of the documents also contained certain patients’ credit card numbers, Social Security numbers, and banking information. Patients affected by the incident had received medical services from Oak Cliff Orthopaedic Associates between 2006 and 2007.
The Lewisville Police Department did manage to recover the stolen files and they have now been returned to Oak Cliff Orthopaedic Associates and are now secured. The stolen items were found in a hotel room, but it is unclear whether the thieves have been identified or apprehended. All other items not taken by the thieves have since been removed from the storage facility and have now been secured.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Since financial data have potentially been viewed and copied by the thieves, Oak Cliff Orthopaedic Associates notified relevant financial institutions of the risk of fraudulent activity on the affected individuals’ accounts. Patients impacted by the incident have now been notified mail and a press release has been issued in accordance with Health Insurance Portability and Accountability Act Rules.
Oak Cliff Orthopaedic Associates has not received any reports to suggest any of the stolen information has been used inappropriately, although it is possible that patient data were viewed by the thieves. As a precaution against identity theft and fraud, all 1,057 patients affected by the incident have been offered one year of identity theft protection services without charge.