HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI Potentially Compromised in Security Incidents at People Incorporated and My Choice HouseCalls

People Incorporated Mental Health Services, a provider of integrated behavioral and mental health services in Minnesota, is notifying 27,500 patients that some of their protected health information was exposed in an email account breach between April 28, 2020 and May 4, 2020.

Prompt action was taken to block further access to the email accounts, and an investigation was launched to determine the nature and scope of the breach. Assisted by third-party cybersecurity experts, and after conducting a manual document review, People Incorporated discovered on September 8, 2020 that the email accounts contained patients’ personal and protected health information. While third-party access to the email accounts had occurred, no evidence was found to indicate any information was stolen or has been misused.

The PHI in the compromised accounts included names, dates of birth, addresses, treatment information, insurance information, and medical record numbers and, for a limited number of individuals, Social Security numbers, financial account information, health insurance information, and driver’s license or state identification numbers. Credit monitoring services have been offered to individuals whose Social Security number was potentially compromised.

People Incorporated has taken steps to ensure threats are identified and remediated more rapidly in the future. Additional technical security measures have been implemented, and further training has been provided to employees on the identification and handling of malicious messages.

PHI Potentially Compromised in My Choice HouseCalls Burglary

My Choice HouseCalls, an in-home primary care provider in Jacksonville, Florida, experienced a break-in at its administrative offices on or around September 3, 2020, and several computers were stolen. The theft was reported to law enforcement, but the stolen equipment has not been recovered.

A forensic examination confirmed the computers contained the following types of patient information: names, addresses, provider names, provider routes, facilities where patients are located, patient profile pictures, types of visits, medical histories, diagnoses, durable medical equipment supplier names, the companies providing home health services and their notes, insurance information, and patient and provider contact information.

My Choice HouseCalls is now implementing whole-drive encryption to prevent the exposure of patient information in the event of another burglary. The breach report submitted to the HHS’ Office for Civil Rights shows 3,370 patients have been affected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.