HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Atique Orthodontics Reports Potential Breach of Patient PHI

San Antonio-based Atique Orthodontics, P.A., has discovered an unauthorized person gained access to an office computer for a period of just over a month earlier this year.

The computer was first accessed without authorization on February 29, 2016, and remote access remained possible until March 30, 2016, when the security breach was discovered. During the time that remote access was possible, a server containing the protected health information of orthodontics patients could potentially have been accessed.

Atique Orthodontics has not discovered any evidence to suggest that the protected health information of patients was actually compromised, although the possibility exists that data may have been improperly accessed.

Atique Orthodontics took action to block remote access as soon as the security breach was discovered and there is no further risk of data being accessed by the individual. Atique is in the process of enhancing security and will be implementing further technical controls to prevent similar incidents from occurring in the future.

The server contained highly sensitive data including Social Security numbers, insurance information, and credit card numbers along with personal information including patient names, addresses, telephone numbers, and dates of birth.

In accordance with Health Insurance Portability and Accountability Act Rules, all patients have now been notified of the security breach by mail. Breach notification letters were sent to patients a little over two weeks after the security breach was discovered, well inside the 60-day time limit allowed under HIPAA Rules.

Because highly sensitive data were potentially compromised, Atique Orthodontics is offering all affected patients 12 months of identity theft and fraud resolution services without charge through ID Experts. Patients will also be protected by a $1,000,000 identity theft insurance policy.

To date, there have been 30 cases of unauthorized access/disclosure reported to the Department of Health and Human Services’ Office for Civil Rights in 2016, one more than this time last year. 18 hacking/IT incidents have been reported in 2016, which is 10 fewer than this time last year. In total, 69 data breaches have been reported to OCR so far in 2016, 18 fewer than this time last year.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.