HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI Stolen in San Francisco and Corpus Christi Burglaries

Two HIPAA-covered entities are alerting patients that some of their protected health information (PHI) has been obtained by thieves in recent burglaries.

PHI Taken from Employee of Christus Spohn Hospitals

The protected health information of patients of two Christus Spohn Hospitals in Corpus Christi has been stolen in a burglary.

A Christus Spohn employee was burgled on April 16, 2018 and PHI was taken including information such as names, birth dates, dates of service, medical record numbers, account numbers, ages, and other medical data. No financial information, driver’s license numbers, or Social Security numbers were compromised.

Patients affected by the breach had previously received treatment at Christus Spohn Health System’s Memorial or Shoreline hospitals. While PHI was obtained, the information does not appear to have been misused. Christus Spohn has confirmed that approximately 1,800 patients have been affected by the incident.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Steps have already been taken to prevent further incidents of this nature from occurring, and the employee in question has received further training on measures that need to be taken to ensure protected health information is safeguarded.

PHI of Patients of a San Francisco Acupuncturist Stolen

San Francisco acupuncturist Denise M. Bowden is notifying patients that some of their PHI was stolen from her Pacific Heights office. The acupuncturist discovered the burglary on April 30, 2018, with the offices ransacked at some point over the weekend of 28/29 April.

The thief stole a computer from her office that contained information such as patients’ names, addresses, contact telephone numbers, dates of service, diagnosis codes, and health insurance information. No financial information or Social Security numbers were stored on the computer.

While the computer was password protected, patient data were not encrypted and could therefore potentially be viewed by unauthorized individuals. No reports have been received to suggest any of the information on the computer has been accessed and misused. Patients were notified of the breach by mail on June 11, 2018.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.