HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI Theft Incidents Reported by Loyola Medicine and Main Street Clinical Associates

Main Street Clinical Associates, PA., in Durham, NC has informed certain patients that some of their protected health information was stored on devices that were stolen from its offices.

The theft occurred when the Main Street offices had been evacuated due to a severe gas explosion. Staff at the office were ordered to evacuate the building on April 10, 2019 following an explosion in an adjacent building. Files and equipment were left on desks due to the urgent evacuation, and the room containing patient records was left unlocked. The damage to the building was extensive. Staff were not permitted to re-enter the building until September 9, 2019. When the staff returned, it was discovered the offices had been looted and equipment had been stolen. Two laptop computers had been taken, along with the cell phone of a clinician, and a printer containing some patient information.

Main Street explained in a recent press release that the laptop computers and cell phone were password-protected, as were files that contained patient information. Since they devices were not encrypted, it is possible that patient information could have been accessed. The devices contained information such as names, driver’s license numbers, Social Security numbers, health insurance information, and diagnosis and treatment information.

Main Street has changed passwords to prevent patient information from being accessed and is monitoring for any attempted misuse of the devices. Patients known to have had their information exposed, for whom up to date contact information is held, are being notified by mail. Since it was not possible to determine exactly which patients have been affected, several media outlets have also been notified about the breach.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Loyola Medicine Notifies Patients of Theft of Autopsy Photos

Loyola Medicine in Maywood, IL has announced a camera containing autopsy photographs has been stolen from Loyola University Medical Center. The camera contained images of 18 deceased patients. Photographs of nine of those individuals had not been uploaded to the patients’ medical record files and have been permanently lost.

According to a CBS 2 report, the photographs had not been uploaded to the hospital system as a new camera had been purchased and it was not supplied with a cable to allow the photographs to be uploaded, so they remained on the memory card.

According to a spokesperson for Loyola Medicine, steps have been taken to prevent further breaches of this nature from occurring, including providing further training for staff and improving physical security.

The families of the deceased patients have now been notified of the loss of photographs and the privacy breach has been reported to the Department of Health and Human Services’ Office for Civil Rights.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.