HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Stolen Hard Drive Contained PHI of 76,000 Texas Patients

All-Star Orthopaedics is alerting patients of Irving, TX-based Las Colinas Orthopedic Surgery & Sports Medicine, PA, that some of their protected health information (PHI) was stored on a hard drive that has been stolen.

The hard drive contained X-ray and other diagnostic images of 76,000 patients, along with patients’ names and dates of birth. The hard drive was not encrypted, but special software is required to access the images. The image files would need to be opened in order to see patients’ names and dates of birth.

The hard drive was stolen on November 20, 2018 and the theft was reported to the Department of Health and Human Services’ Office for Civil Rights on January 18, 2019. Breach notification letters have now been sent to all affected patients.

The theft has prompted All-Star Orthopaedics to implement new security protocols and all portable hard drives will now be encrypted prior to transport.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Dermacare Brickell Data Breach Impacts 1,800 Patients

On November 20, 2018, the Miami medical practice Dermacare Brickell discovered paperwork containing the PHI of around 1,800 patients was missing.

The paperwork had been removed from a locked storage unit at The Vue Condominium, close to its office. The files related to patients who had received medical services at the practice between 2010 and 2013.

The medical practice determined that boxes of files had been mistakenly removed and disposed of a condominium association dumpster along with regular trash. The person responsible assured the practice that he did not read any of the files in the boxes and was unaware that the boxes contained patient files.

The improper disposal has been reported to the Miami Police Department and patients have been notified as a precaution, although no evidence has been uncovered to suggest any information has been viewed by unauthorized individuals or misused.

The files did not contain financial information or Social Security numbers, only names, birth dates, previous medical histories as provided by patients, and practice treatment notes.

All patient files will now be stored within its offices. The practice is in the process of transitioning to electronic medical records and all paper copies of records will be shredded once that process has been completed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.