The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

StarCare Specialty Health System Reports Potential PHI Breach

Posted By on Jul 28, 2016

The protected health information of 2,844 StarCare Specialty Health System patients has potentially been compromised following the burglary of StarCare/StarQuest offices in Lubbock, Texas on May 30, 2016.

Thieves broke into the offices at 3315 East Broadway and stole five laptop computers. One of those devices contained the ePHI of patients including names, telephone numbers, Social Security numbers, medical record numbers, Medicaid/Medicare numbers, diagnoses, and admission and discharge dates. It is unclear whether the laptop was password protected, although the data were not encrypted.

A box of patient files was also in the office and it is possible that the information contained in some of the files may have been viewed by the burglars, although the paperwork was not removed from the office.

All affected individuals had previously received Behavioral Health program services, Intellectual Developmental Disabilities program services, and/or and Therapeutic Treatment Community services from StarCare.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

While it is not possible to prevent break-ins and theft of equipment, it is possible to implement controls to prevent the exposure of PHI and to limit the damage caused when portable storage devices are stolen.

StarCare Specialty Health System had implemented technology to allow laptop computers to be remotely deactivated in the event of loss or theft. Upon discovery of the theft, StarCare was able to remotely disable the laptop computer to prevent ePHI from being accessed.

The burglary prompted StarCare Specialty Health System to conduct a full review of its security controls and additional protections will be put in place at its offices. The decision has also been taken to use data encryption on all of its computers.

Patients affected by the breach are in the process of being notified and are being offered a year of credit monitoring and identity protection services for a period of one year without charge. Patients will also be protected by an identity theft insurance policy and in the event that identities are stolen, patients will benefit from identity restoration services. At the time of writing, no reports of unauthorized use of ePHI have been reported.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist