OK, I don’t think I’ve ever seen a breach report quite like this one, so grab your favorite beverage and read what Brett Kelman reports on a company that ran into trouble with regulators and then filed for bankruptcy…. and in the process, managed to lose access to all their patients’ stored records because the people who had access to the storage units no longer work for them!
This has to be one for the cautionary tales book you always wanted to write.
PainMD and its parent company, MedManagement, once owned or operated as many as 30 clinics in Tennessee, Virginia and North Carolina. Federal and state authorities have sued PainMD and its owners of defrauding the government out of millions by pressuring patients into unnecessary painful injections, then intentionally mislabeling the injections while billing Medicare, Medicaid and TriCare. Three PainMD nurse practitioners were indicted on these same allegations in April.
As part of bankruptcy filing, the company revealed that some patient medical records are maintained electronically, but that “many” patient records are kept in file boxes in storage. Medical records and charts are currently kept in at least 23 storage units spread across 10 companies. PainMD claims it can no longer enter any of these storage units because “everyone with access is no longer employed with company.”
That’s a problem for the storage companies too.
Read it all on The Tennessean.