Share this article on:
Carrollton, TX-based Premier Patient Health Care has discovered the protected health information of 37,636 patients has been obtained by an unauthorized individual in an insider wrongdoing incident.
Premier Patient Health Care is an Accountable Care Organization (ACO) that works with physicians to improve clinical outcomes under the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are operated and run by Premier Management Company, which is a business associate of many primary care physicians who are HIPAA-covered entities.
On April 30, 2020, Wiseman Innovations, a technology vendor used by Premier Management Company, determined a former Premier Patient Health Care executive had accessed its computer system in July 2020 after the termination of employment and viewed and obtained a file containing patient data.
A review of the file confirmed it contained the protected health information of patients of primary care physicians, including full names, age, date of birth, sex, race, county, state of residence, and ZIP code along with Medicare beneficiary information such as Medicare eligibility period, spend information, and hierarchical condition category risk score.
The investigation into the breach is ongoing, but it has not been possible to date to determine what the former executive did with the file after it was acquired, although no evidence has been found to indicate any attempted or actual misuse of patient information.
As a precaution, all affected patients have been advised to be vigilant and monitor their accounts for signs of fraudulent activity. Premier said policies and procedures are being reviewed and will be updated to help prevent similar incidents in the future.
Oregon Eye Specialists Reports Breach of Employee Email Account
The Portland-OR-based optometry group, Oregon Eye Specialists, has discovered a breach of its email environment and the exposure of the protected health information of certain patients.
On August 10, 2021, suspicious activity was detected in an email account, prompting a password reset and investigation. The investigation confirmed an unauthorized individual had gained access to certain employee email accounts from June 29, 2021, to August 30, 2021. A review of those accounts revealed they contained protected health information such as names, addresses, email addresses, dates of birth, dates of service, Social Security numbers, medical record numbers, passport numbers, driver’s license numbers, state identification numbers, military identification numbers, tax identification numbers, Medicare/Medicaid numbers, financial account information, credit/debit card numbers, health insurance information, treatment/diagnosis information, usernames/passwords, security questions and answers, and digital signatures. The types of information compromised varies from patient to patient.
No evidence has been found of any actual or attempted misuse of patient data at this stage but affected individuals have been advised to monitor their accounts and explanation of benefits statements for suspicious activity. Credit monitoring and identity protection services are being offered to affected individuals.
The breach has been reported to the HHS’ Office for Civil Rights as affecting 42,612 individuals.