HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Solis Mammography Notifies 500 Patients of PHI Exposure

An unencrypted laptop computer has been stolen from Ben-Ora, Hansen, Vanesian Imaging Ltd., dba Solis Mammography.

Solis Mammography learned on October 17, 2018 that the laptop had been stolen from its Phoenix, AZ clinic and reported the theft to law enforcement. To date the device has not been recovered. Attempts were made to reconstruct the data stored assisted by a leading computer forensics firm.

While the investigation confirmed that some patients’ protected health information had been downloaded to the device, it was not possible to ascertain the exact information that had been exposed.

Solis Mammography believes information such as patients names, birth dates, health insurance information, lab test results, medical images, and other information could have been stored on the device and have potentially been accessed by the individual in possession of the computer. Solis Mammography does not believe any financial information was downloaded onto the laptop.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Solis Mammography has taken steps to further secure patient information including strengthening access controls and reviewing and updating policies and procedures concerning the secure disposal of patient information.

No reports have been received to suggest any information stored on the device has been accessed and misused, although patients have been advised to monitor their statements from healthcare providers and insurers for services that have not been received.

Solis Mammography has reported the theft to the Department of Health and Human Services’ Office for Civil Rights on December 16, 2018. The breach report suggests up to 500 patients’ PHI may have been stored on the device.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.