Privacy Breach Reported by Bay Area Chiropractic Center

In December, Bay Area Chiropractic Center LLC was advised that a substitute doctor who had worked at the Coos Bay facility had used a patient list that he compiled while employed by the company to drum up business for his own private practice.

The physician was employed by Bay Area Chiropractic Center between June 1 and August 31, 2015. While employed at the company, the physician compiled a patient list which included patient names, addresses and contact telephone numbers. The data were taken from patient’s charts supplied to him in order for treatment to be provided to patients. The physician was not given permission to store the data, remove them from the company facilities, or to contact patients.

The data were apparently stored in a Word document on a zip drive and were also stored on a mobile phone used by the physician. According to a breach notice sent to the Oregon Department of Justice, the physician is no longer in possession of the phone. It is unclear whether the data stored on the phone were securely erased before the device was disposed of.

Bay Area Chiropractic Center was alerted to the privacy breach by a former business manager. The company was told that the physician had used the data to try to get patients to transfer to his practice to continue to receive treatment. He is alleged to have contacted patients without authorization, and according to the complaint, told them that Bay Area Chiropractic Center was closing its doors and that their care had been transferred to his practice.

Bay Area Chiropractic Center was alerted to the privacy breach on December 10, 2015 and started sending notification letters to affected patients on December 22, 2015. Patients were advised about the breach of their privacy and the letters explained that Bay Area Chiropractic Center was not closing its doors and would be continuing to provide treatment to its patients. The data theft was also reported to the Coos Bay Police department and the Oregon Department of Justice was advised of the privacy breach earlier this month.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.