St. Rose Dominican Hospital Patients Impacted by DJO Global PHI Breach
DJO Global, a provider of medical technologies to help patients maintain and regain natural motion, has discovered that some patients’ information has been exposed, and potentially disclosed, to unauthorized individuals.
Individuals who had received a DJO Global device in the emergency room, Urgent Care Site, or the Same Day Surgery Center of the Siena, San Martin or De Lima campuses of St. Rose Dominican Hospital in Las Vegas, NV between July 17 and October 16, 2017 have potentially been affected.
Those individuals are likely to have signed a DJO Global Patient Product Agreement confirming they had received one of the company’s devices. Those consent forms should have been sent to DJO Global; hhowever, a batch of consent forms was not received.
A DJO employee collected the forms from St. Rose Dominican Hospital and should have taken them to DHL to be delivered to DJO Global; however, the forms were lost in transit. They are believed to have been lost between collection from the hospital and delivery to DHL.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The forms contained the following information: Name, phone number, address, birth date, physician name and location, product order date, product information, date of injury, diagnosis code(s), health plan identification number, and health plan information. Some patients whose health plan uses Social Security number as patient identifiers would also have had their Social Security number exposed.
DJO Global has not received any reports to suggest patients’ exposed information has been misused, although since it is possible that the forms have been obtained by a third party, data misuse is a possibility. To ensure that patients are protected, all have been offered complimentary credit monitoring services for 12 months. Patients have also been advised to place a fraud alert on their credit files, to obtain copies of their credit reports, and to check their explanation of Benefits statements carefully for any sign of fraudulent activity.
DJO Global has responded to the incident by changing polices and procedures for mailing and has implemented new quality controls to prevent similar incidents from occurring in the future. Its vendor has also received further training on the importance of securing and protecting patient health information.
Patients impacted by the incident have now been notified by mail, and the Department of Justice and Department of Health and Human Services’ Office for Civil Rights have been notified of the incident.
