PHI Stolen in San Francisco and Corpus Christi Burglaries
Two HIPAA-covered entities are alerting patients that some of their protected health information (PHI) has been obtained by thieves in recent burglaries.
PHI Taken from Employee of Christus Spohn Hospitals
The protected health information of patients of two Christus Spohn Hospitals in Corpus Christi has been stolen in a burglary.
A Christus Spohn employee was burgled on April 16, 2018 and PHI was taken including information such as names, birth dates, dates of service, medical record numbers, account numbers, ages, and other medical data. No financial information, driver’s license numbers, or Social Security numbers were compromised.
Patients affected by the breach had previously received treatment at Christus Spohn Health System’s Memorial or Shoreline hospitals. While PHI was obtained, the information does not appear to have been misused. Christus Spohn has confirmed that approximately 1,800 patients have been affected by the incident.
3 Steps To HIPAA Compliance
Please see HIPAA Journal
- Step 1 : Download Checklist.
- Step 2 : Review Your Business.
- Step 3 : Get Compliant!
The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.
Steps have already been taken to prevent further incidents of this nature from occurring, and the employee in question has received further training on measures that need to be taken to ensure protected health information is safeguarded.
PHI of Patients of a San Francisco Acupuncturist Stolen
San Francisco acupuncturist Denise M. Bowden is notifying patients that some of their PHI was stolen from her Pacific Heights office. The acupuncturist discovered the burglary on April 30, 2018, with the offices ransacked at some point over the weekend of 28/29 April.
The thief stole a computer from her office that contained information such as patients’ names, addresses, contact telephone numbers, dates of service, diagnosis codes, and health insurance information. No financial information or Social Security numbers were stored on the computer.
While the computer was password protected, patient data were not encrypted and could therefore potentially be viewed by unauthorized individuals. No reports have been received to suggest any of the information on the computer has been accessed and misused. Patients were notified of the breach by mail on June 11, 2018.