Tucson Emergency Room Patients’ PHI Stolen from Physician’s Vehicle

Approximately 1,000 patients in Southern Arizona have been notified of a breach of protected health information following the theft of a physician’s logbook.

The logbook had been left in the vehicle of a physician who worked for Emergency Medicine Associates, which provided ER staff for Carondelet Health Network hospitals in Tucson, Arizona. A thief broke into the physician’s vehicle on or around March 25, 2016 and took the logbook.

The physician had used the logbook to record brief notes relating to emergency room patients she had treated at Carondelet St. Joseph’s and Carondelet St. Mary’s hospitals in Tucson, AZ., between October 12, 2015 and March 25, 2016.

The types of data recorded in the logbook include names, ages, genders, dates of birth, and medical record numbers along with the name of the hospital visited, hospital ID numbers, and dates of emergency room visits. Social Security numbers and health insurance information were not exposed, although some patients’ medical conditions had been noted in the logbook.

Dr. Lori Levine, privacy officer for Emergency Medicine Associates, issued a statement saying “EMA takes safeguarding the privacy of its patients’ personal information very seriously.” She also explained that in response to the theft, Emergency Medicine Associates has provided staff with additional training on Health Insurance Portability and Accountability Act (HIPAA) Rules about safeguarding patient data.

Policies covering the use of logbooks by physicians are currently being reviewed in an effort to reduce the risk of similar breaches occurring in the future.

Since only a limited amount of patient data was exposed, affected individuals are not believed to face a high risk of suffering identity theft and/or fraud as a result of the PHI breach although, as a precaution, patients have been offered a year of credit monitoring services without charge.

The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights, although at the time of posting the incident has not appeared on the OCR breach portal.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.