HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Law Enforcement Notifies Cambridge Health Alliance About PHI Breach

Cambridge Health Alliance (CHA) in Massachusetts has been notified by law enforcement that the protected health information of some of its patients has been discovered in the possession of an unauthorized individual.

On January 31, 2018, Everett Massachusetts Police Department notified CHA that files containing the PHI of some of its patients had been discovered in the possession of an individual unauthorized to have the information. After being notified of the breach, CHA conducted an internal investigation into the breach and examined the files.

At least one of the files contained PHI related to billing which included patients’ names, addresses, dates of birth, Social Security numbers, employer information, charges for healthcare services, and discharge dates. The data related to billing from 2013.

According to a breach notice sent to affected individuals by the law firm BakerHostetler on behalf of CHA, the breach impacted four individuals in New Hampshire, all of whom have been offered complimentary credit monitoring and identity theft protection services through Experian.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

While the breach notice states that only four individuals were impacted, the Boston Globe has reported that notification letters have been sent to approximately 2,500 patients. The details of the breach are the same apart from the number of individuals impacted.

According to the Boston Globe, CHA spokesman David Cecere confirmed that the incident is still being investigated and it is currently unclear how the information came to be stolen. Cecere said it could have been a hack or the information could have accidentally been made public.

In addition to the internal investigation, CHA has retained a computer forensics firm to provide assistance and attempt to determine exactly how the data was stolen.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.