HHS breach entries that leave us wondering
HHS’s public breach tool continues to provide evidence of breaches involving patient information, but unfortunately, we often don’t know the details. The following incidents were recorded on their breach tool, but I have been unable to find any public notices (substitute notices or press releases) or web site notifications. Indeed, some of the practitioners listed below do not seem to maintain any web sites for their practices:
Dr. Paul Perron of California reported that 4,000 patients were affected by a breach on December 15, 2013 that involved “Unauthorized Access/Disclosure” of information on the network server. Dr. Perron named Dr. Veronica Joann Barber as an involved business associate. But what does that breach type mean in this case?
Abrham Tekola, M.D.,Inc of CA reported that 5,471 patients had information that was on a desktop computer stolen on May 27. Or was the desktop really stolen? Could it be that just the data were stolen?
Dennis Flynn, M.D. of Illinois reported that 13,646 patients had information on a laptop that was stolen on July 19.
St. Elizabeth’s Medical Center in Massachusetts reported that 595 patients had information that was on “Laptop,
Other Portable Electronic Device” stolen on July 4.
Kaiser Foundation Health Plan Of Colorado reported that 11,551 were affected by a breach on July 24 that involved “Unauthorized Access/Disclosure.” Again, what does that mean? Was this an email error, a web exposure, a rogue employee? What?
Apple Valley [Christian] Care Center in California reported that 1,251 patients had information involved in a hack that occurred on February 18 and that was discovered 1251 02/18/2014 on June 13.
If anyone has additional details on these incidents, please use the Comments section below. And if you received a breach notification letter for any of these incidents, please email a copy to admin[at]phiprivacy.net