HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Klaussner Furniture Industries Discovers Health Plan Data of 9,352 Employees Has Potentially Been Compromised

The protected health information of 9,352 current and former employees of Klaussner Furniture Industries, Inc., and some dependents of those employees, has been exposed as a result of a security breach.

In February 2019, Klaussner Furniture learned that computers had been accessed by unauthorized individuals. A leading cybersecurity firm was retained to conduct a forensic investigation, which confirmed that two computers had been accessed by an unauthorized third party.

An analysis of the computers revealed they contained files that included first and last names, dates of birth, addresses, Social Security numbers, health benefit election(s), and some health information. No evidence was found that suggests employee information was accessed, copied, or misused, although it was not possible to rule out data access and exfiltration.

Individuals whose information was exposed had either worked at the company in 1998 or were employed at some point between 2004 and February 25, 2019. The sensitive information of dependents of those employees was only exposed if they had been listed on employees’ health benefit elections between 2004 and 2019.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Identify protection and monitoring services are being offered to all individuals affected by the breach for 12 months at no cost.

Klaussner Furniture has improved data security practices, rebuilt affected systems, and implemented additional security measures to prevent further unauthorized access. Additional security measures are also being explored which could further protect employee data.

Veteran Health Administration Notifies 4,882 Patients of Impermissible PHI Disclosure

The Veteran Health Administration (VHA) has discovered an error in a mailing app has resulted in the protected health information of patients being included in letters sent to other patients. To send letters containing protected health information to patients, VHA uses a Xerox software-powered app to pull relevant data from electronic medical records for inclusion in mailings.

An error resulted in other patients imaging results, lab test results, and appointment schedules being printed on letters. In each case, the PHI was disclosed to one other patient. The error occurred on February 13 and was discovered and corrected on February 16, 2019. During that time, letters had been mailed to 4,882 patients. Patients whose PHI was impermissibly disclosed had previously received medical services at Martinsburg VA Medical Center in West Virginia.

All individuals impacted by the breach have now been notified. The VHA is currently reviewing quality control procedures and will make updates as appropriate to prevent any further PHI disclosures.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.