HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Oklahoma State University Center for Health Sciences Informs Patients of PHI Breach

Oklahoma State University Center for Health Sciences (OSUCHS) has discovered an unauthorized individual has gained access to parts of its computer network and potentially accessed files containing billing information of Medicaid patients.

The security breach was discovered on November 7, 2017 with access to the network terminated the following day. Third party computer forensics experts were called upon to conduct a comprehensive investigation to determine which parts of the network had been accessed, and whether patient health information had been accessed or stolen.

The investigation confirmed that patient health information could potentially have been viewed, although it was not possible to determine whether patient information had been accessed or stolen. OSUCHS reports that it has not received conclusive information to suggest any patient information has been misused.

Out of an abundance of caution, all individuals potentially impacted by the incident have been notified of the breach by mail and advised that they should be alert to the possibility that their personal information could potentially be misused.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

OSUCHS says medical records were not compromised and the breach was limited to names, healthcare provider names, Medicaid numbers, dates of service, and a limited amount of treatment information. Only one Social Security number was present on the compromised server.

The breach has prompted OSUCHS to conduct a review of security protections and additional measures have now been implanted to better protect patient information in the future.

The Department of Health and Human Services’ Office for Civil Rights breach portal indicates 279,865 individuals were affected by the breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.