HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Potential Privacy Breach at Planned Parenthood Dubuque Health Center

On July 1, 2016, Planned Parenthood of the Heartland announced that the protected health information (PHI) of certain patients of its Dubuque health center in Iowa may have been accessed by unauthorized individuals.

The health center permanently closed its doors to patients this April year and the premises was listed for sale and was sold. However, hard copies of patient files were left in the Dubuque health center. In April 2016, individuals entered the medical center and could potentially have viewed and/or copied patient files. The potential breach was discovered by Planned Parenthood on May 6, 2016. The files have now been removed from the premises and have been secured. Planned Parenthood said this was an isolated incident and is not representative of the stringent privacy standards usually maintained by the healthcare organization.

Patients affected by the potential privacy breach had sought treatment at the Dubuque health center between August 1, 2008 and April 30, 2014. In total, the PHI of 2,506 patients may have been compromised. Patients have now been notified of the breach and a substitute breach notice has been placed on the Planned Parenthood website.

Patient files contained full names, mailing addresses, dates of birth, health insurance information, Social Security numbers, medical record numbers, lab test results, medical diagnoses, and treatment information.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Planned Parenthood conducted an investigation into the privacy incident, although no evidence was uncovered to suggest that the patients’ files were accessed or that any patient data were used inappropriately. However, patients are being advised of the potential breach to allow them to take steps to mitigate any potential negative impact.

Planned Parenthood has suggested that patients visit the Federal Trade Commission website for further information on identity theft and to find out about the steps that can be taken to mitigate risk.

According to a statement issued by Planned Parenthood’s Chief Clinical Officer Penny Dickey, the incident has prompted “a comprehensive examination of our processes to ensure such an incident will never occur again.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.