The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Tucson Emergency Room Patients’ PHI Stolen from Physician’s Vehicle

Posted By on May 30, 2016

Approximately 1,000 patients in Southern Arizona have been notified of a breach of protected health information following the theft of a physician’s logbook.

The logbook had been left in the vehicle of a physician who worked for Emergency Medicine Associates, which provided ER staff for Carondelet Health Network hospitals in Tucson, Arizona. A thief broke into the physician’s vehicle on or around March 25, 2016 and took the logbook.

The physician had used the logbook to record brief notes relating to emergency room patients she had treated at Carondelet St. Joseph’s and Carondelet St. Mary’s hospitals in Tucson, AZ., between October 12, 2015 and March 25, 2016.

The types of data recorded in the logbook include names, ages, genders, dates of birth, and medical record numbers along with the name of the hospital visited, hospital ID numbers, and dates of emergency room visits. Social Security numbers and health insurance information were not exposed, although some patients’ medical conditions had been noted in the logbook.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Dr. Lori Levine, privacy officer for Emergency Medicine Associates, issued a statement saying “EMA takes safeguarding the privacy of its patients’ personal information very seriously.” She also explained that in response to the theft, Emergency Medicine Associates has provided staff with additional training on Health Insurance Portability and Accountability Act (HIPAA) Rules about safeguarding patient data.

Policies covering the use of logbooks by physicians are currently being reviewed in an effort to reduce the risk of similar breaches occurring in the future.

Since only a limited amount of patient data was exposed, affected individuals are not believed to face a high risk of suffering identity theft and/or fraud as a result of the PHI breach although, as a precaution, patients have been offered a year of credit monitoring services without charge.

The breach has been reported to the Department of Health and Human Services’ Office for Civil Rights, although at the time of posting the incident has not appeared on the OCR breach portal.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist