Baxter Regional Home Health Alerts Patients to Potential PHI Exposure
Baxter Regional Home Health is alerting patients to a potential breach of their protected health information following a break-in at its facility in Cotter, Arkansas. The break-in occurred during the night and was discovered on August 5, 2016.
The thieves did not steal any equipment containing electronic patient health information, but hard copy files were present in the facility. While Baxter Regional Home Health does not believe that any files were taken by the thieves, it is possible that PHI was viewed. The files contained a range of PHI including the names of patients who had previously received treatment from the facility. Baxter Regional Home Health employees were also potentially impacted.
The data in the files included patients’ names, phone numbers, addresses, Social Security numbers, dates of birth, government ID numbers, diagnostic information, and insurance details. Employees information included names, phone numbers, addresses, dates of birth, information about past employers, and licensure information.
The breach notice posted to the organization’s website does not indicate how many individuals have been impacted, although the breach report submitted to the Department of Health and Human Services’ Office for Civil Rights shows the PHI of 2,124 individuals was potentially compromised.
Get The Checklist
Free and Immediate Download
of HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
Security at the facility is being improved to further protect patient health data. Locks have been changed and an alarm system and security cameras will be installed.
Baxter Healthcare Informs Patients of Privacy Breach
Illinois-based Baxter Healthcare has informed patients of a privacy breach that exposed their email addresses to members of the Patient Advisory Council. On September 15, 2016, an employee sent an email to 992 patients inviting them to take part in the Patient Advisory Council. However, the email addresses of patients were accidentally added to the ‘To’ field, rather than the BCC filed which masks email addresses from other members of the email group. No sensitive PHI was exposed as a result of the error.
Baxter Healthcare discovered the error the following day and attempted to recall the message, although it had already been delivered and had been viewed by a number of patients. To prevent future incidents such as this, Baxter Healthcare has provided additional training to employees. Additional safeguards are also being evaluated.