25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Data Breach Discovered by the Eye Institute of Corpus Christi

Posted By on Mar 3, 2016

The Eye Institute of Corpus Christi, a full service eye care, diagnosis, and treatment clinic in Texas, has discovered that individuals gained access to the records of all of its patients, downloaded their protected health information from the EHR, copied those data, and provided them to two physicians formerly employed by the eye clinic.

The disclosed data include the names of patients, their addresses, contact telephone numbers, Social Security numbers, dates of birth, medical diagnoses, details of treatment, and health insurance details.

The Eye Institute became aware of the patient privacy breach on January 6, 2016., and has since discovered that data provided to the physicians have been used to contact patients in an attempt to solicit business. The physicians in question had been employed at The Eye Institute of Corpus Christi until recently.

The Eye Institute of Corpus Christi has been in touch with the physicians concerned and has instructed them to return the stolen data. It is not clear from the breach report whether the data have been returned and are now secured.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

While some patients have been contacted, the physicians have apparently not disclosed the data to any other individuals and appear to have only been using the client details to recruit patients to their new place of business.

The Eye Institute initiated an investigation into the data breach in January when the data theft was discovered. The matter has been reported to law enforcement and federal authorities have also been informed of the data breach. Additional protections have now been put in place to prevent future incidents such as this from occurring in the future and all user passwords and credentials have been changed.

It is not clear from the breach report whether the individuals who accessed, copied, and disclosed patient PHI to the physicians have been identified. The investigation into the privacy breach is ongoing.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist