25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Illinois Physicians Network Discovers Paper Records Missing from Storage Facility

Posted By on Dec 14, 2017

Over the past two months there have been several data breaches reported by HIPAA-covered entities involving the loss or theft of physical records. In November, 7 breaches involving paper records were reported to the HHS’ Office for Civil Rights, and a further 5 incidents were reported the previous month.

Now another incident has been reported in Illinois. Franciscan Physician Network of Illinois and Specialty Physicians of Illinois LLC have discovered payment records that were kept in a storage facility are missing. The storage facility in Chicago Heights was shared by both physician groups.

The loss/theft of the paperwork is one of the largest breaches of the past few months, potentially impacting as many as 22,000 patients. The payment records were from 2015-2017 and 2010.

The boxes of files were confirmed as missing on November 21, 2017, with notifications issued on December 13, 2017. The loss of files was discovered following a routine records request, but the records could not be located. An inventory of the storage facility was conducted, and 40 boxes of files were determined to be missing and potentially stolen.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The records only contained a limited amount of patient information related to payments received, and included names and addresses, payment methods, payment amounts, office location, and the last four digits of credit card numbers. For a limited number of patients who paid their bill by check, their routing number, bank account number and Social Security number were also present in the files.

Some of the records from 2010 may also have included insurance ID numbers, facility-assigned account numbers, dates of birth, type of visit, diagnoses, provider names and addresses, dates of service, descriptions of services provided, and procedure codes.

While it is a possibility that the files have been stolen, foul play is not suspected. Out of an abundance of caution, individuals impacted by the incident have been offered two years of identity theft protection services without charge.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist