Dedicated to providing the latest
HIPAA compliance news

OptumRx and Einstein Health Network Inform Patients of Recent PHI Breaches

Share this article on:

OptumRx is in the process of notifying patients about a breach of their Protected Health Information after an unencrypted laptop computer was stolen from one of its vendors.

An employee of an unnamed company which provides prescription delivery services on behalf of OptumRx left a laptop computer in a vehicle from where it was stolen. The theft occurred on March 16, 2016 and OptumRx was notified of the theft by its vendor on March 22, 2016.

The laptop contained patient data including names, addresses, drug prescription information, prescription providers, and health plan names. No Social Security numbers or financial information were stored on the laptop, although some patients had their date of birth exposed. The breach notice submitted to the California Attorney General does not mention whether the laptop was password protected.

Additional security measures have now been implemented on laptop computers used by OptumRx’s vendor. Further staff training will be conducted to reinforce policies and procedures already put in place by the vendor. All affected patients have been offered a year of identity theft protection services with LifeLock and have been advised to closely check their explanation of benefits statements and account statements for suspicious activity.

Einstein Healthcare Network Alerts Patients About Potential PHI Compromise

 

An error in the configuration of a website has led to the PHI of approximately 3,000 Einstein Healthcare Network patients being exposed. The website database used to store information entered by patients into the “request for information” section of the company’s website form was discovered to be accessible over the Internet.

The website error was discovered on February 2, 2016., and was immediately corrected. However, any data entered into the request for information section of the website prior to February 2 could have been accessed by unauthorized individuals.

The database contained the names of patients, contact telephone numbers, physicians’ names, the reason for submitting the request, and some patient health information. It is not clear if data were accessed by unauthorized individuals during the time it was accessible over the Internet. Einstein Healthcare Network is not aware of any data being used inappropriately.

The Philadelphia-based healthcare network has now enhanced security measures on its website to prevent similar incidents from occurring in the future.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On