The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Capital Digestive Care Notifies 17,639 Individuals of PHI Exposure

Posted By on May 8, 2018

The Silver Spring, MD-based gastroenterology group Capital Digestive Care has discovered one of its business associates uploaded files to a commercial cloud server that lacked appropriate security controls, exposing the protected health information of up to 17,639 patients.

The availability of sensitive patient data over the Internet was brought to the attention of Capital Digestive Care on February 23, 2018 and action was promptly taken to secure the files and prevent further unauthorized access.

An investigation into the privacy breach was launched to determine the types of information that had been exposed and the number of patients impacted.

The investigation confirmed some sensitive data had been exposed, although the breach was limited to individuals that had visited its website and submitted information via the Schedule a Visit and Contact pages on the site.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The types of information exposed was limited to names, addresses, email addresses, telephone numbers, and birth dates. Patients may also have had a limited amount of health information exposed. The login page to the patient portal and the Pay a Bill pages were unaffected, so no financial information was exposed. No patient accounts were compromised and Social Security numbers and electronic health records remained secure at all times.

Capital Digestive Care has taken steps to prevent further breaches of PHI. All third-party vendors are now required to confirm compliance with HIPAA Security Rule provisions concerning the secure storage of personal data.

All patients impacted by the incident have been notified by mail and provided with information on monitoring and protecting their personal information.

It is unclear for how long patient data were exposed and how many unauthorized individuals viewed patient information.

Capital Digestive Care has not received any reports to suggest the exposed information has been obtained by unauthorized individuals or misused.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist