HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Premier Patient Health Care Alerts Patients About Insider Data Breach

Carrollton, TX-based Premier Patient Health Care has discovered the protected health information of 37,636 patients has been obtained by an unauthorized individual in an insider wrongdoing incident.

Premier Patient Health Care is an Accountable Care Organization (ACO) that works with physicians to improve clinical outcomes under the Medicare Shared Savings Program (MSSP). The ACO and Premier Patient Health Care are operated and run by Premier Management Company, which is a business associate of many primary care physicians who are HIPAA-covered entities.

On April 30, 2020, Wiseman Innovations, a technology vendor used by Premier Management Company, determined a former Premier Patient Health Care executive had accessed its computer system in July 2020 after the termination of employment and viewed and obtained a file containing patient data.

A review of the file confirmed it contained the protected health information of patients of primary care physicians, including full names, age, date of birth, sex, race, county, state of residence, and ZIP code along with Medicare beneficiary information such as Medicare eligibility period, spend information, and hierarchical condition category risk score.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The investigation into the breach is ongoing, but it has not been possible to date to determine what the former executive did with the file after it was acquired, although no evidence has been found to indicate any attempted or actual misuse of patient information.

As a precaution, all affected patients have been advised to be vigilant and monitor their accounts for signs of fraudulent activity. Premier said policies and procedures are being reviewed and will be updated to help prevent similar incidents in the future.

Oregon Eye Specialists Reports Breach of Employee Email Account

The Portland-OR-based optometry group, Oregon Eye Specialists, has discovered a breach of its email environment and the exposure of the protected health information of certain patients.

On August 10, 2021, suspicious activity was detected in an email account, prompting a password reset and investigation. The investigation confirmed an unauthorized individual had gained access to certain employee email accounts from June 29, 2021, to August 30, 2021. A review of those accounts revealed they contained protected health information such as names, addresses, email addresses, dates of birth, dates of service, Social Security numbers, medical record numbers, passport numbers, driver’s license numbers, state identification numbers, military identification numbers, tax identification numbers, Medicare/Medicaid numbers, financial account information, credit/debit card numbers, health insurance information, treatment/diagnosis information, usernames/passwords, security questions and answers, and digital signatures. The types of information compromised varies from patient to patient.

No evidence has been found of any actual or attempted misuse of patient data at this stage but affected individuals have been advised to monitor their accounts and explanation of benefits statements for suspicious activity. Credit monitoring and identity protection services are being offered to affected individuals.

The breach has been reported to the HHS’ Office for Civil Rights as affecting 42,612 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.