25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Potential Privacy Breach at Planned Parenthood Dubuque Health Center

Posted By on Jul 5, 2016

On July 1, 2016, Planned Parenthood of the Heartland announced that the protected health information (PHI) of certain patients of its Dubuque health center in Iowa may have been accessed by unauthorized individuals.

The health center permanently closed its doors to patients this April year and the premises was listed for sale and was sold. However, hard copies of patient files were left in the Dubuque health center. In April 2016, individuals entered the medical center and could potentially have viewed and/or copied patient files. The potential breach was discovered by Planned Parenthood on May 6, 2016. The files have now been removed from the premises and have been secured. Planned Parenthood said this was an isolated incident and is not representative of the stringent privacy standards usually maintained by the healthcare organization.

Patients affected by the potential privacy breach had sought treatment at the Dubuque health center between August 1, 2008 and April 30, 2014. In total, the PHI of 2,506 patients may have been compromised. Patients have now been notified of the breach and a substitute breach notice has been placed on the Planned Parenthood website.

Patient files contained full names, mailing addresses, dates of birth, health insurance information, Social Security numbers, medical record numbers, lab test results, medical diagnoses, and treatment information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Planned Parenthood conducted an investigation into the privacy incident, although no evidence was uncovered to suggest that the patients’ files were accessed or that any patient data were used inappropriately. However, patients are being advised of the potential breach to allow them to take steps to mitigate any potential negative impact.

Planned Parenthood has suggested that patients visit the Federal Trade Commission website for further information on identity theft and to find out about the steps that can be taken to mitigate risk.

According to a statement issued by Planned Parenthood’s Chief Clinical Officer Penny Dickey, the incident has prompted “a comprehensive examination of our processes to ensure such an incident will never occur again.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist