HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI of Veterans with PTSD Potentially Compromised in OSU Data Breach

An Ohio State University (OSU) pilot program to help veterans recover from Post Traumatic Stress Disorder (PTSD) and other mental health issues was breached and the personal information of patients has been compromised, according to a recent NBC4 Investigates Report.

The (OSU) Veterans Neuromodulation Operation Wellness (NOW) pilot program was shut down permanently on June 15, 2021, but prior to the closure, a data breach occurred. OSU explained in its notification letters to affected individuals that the breach was detected on April 24, 2021, and occurred between January 25, 2021, and March 4, 2021.

NBC4 Investigates spoke with one veteran who received a June 14, 2021, notification letter from the Office of Compliance and Integrity informing him that his name, address, Social Security number, and medical history may have been compromised. It is currently unclear how many individuals have been affected by the breach.

The Veterans Now Program was paused in March 2021 for a week, with the program’s lead doctor placed on leave. The program was then re-started without the lead doctor but was shut down permanently on June 15, 2021. An OSU spokesperson said the shutdown was due to noncompliance issues. It is unclear whether those noncompliance issues were related to the data breach.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Physicians Dialysis Reports Potential PHI Breach

Physicians Dialysis is alerting certain patients that some of their protected health information has potentially been compromised as a result of a security breach.

Unusual activity was detected in its systems on March 21, 2021 and independent cybersecurity experts were engaged to assist with the investigation to determine the nature and scope of the breach. That investigation revealed unauthorized access to a database containing the protected health information of current and former patients, including names, addresses, birth dates, medical information, Social Security numbers, health insurance information, and claims information.

It took until June 22, 2021, to identify affected individuals and verify contact information. Notification letters were sent to affected individuals on June 25, 2021.

Individuals whose Social Security number was compromised have been offered complimentary credit monitoring services through IDX. Since the breach was discovered, Physicians Dialysis has implemented additional security measures to prevent similar breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.