KS: Breach of Protected Health Information discovered at Decatur Health Systems
September 7 – OBERLIN, KS – On July 25, 2016, it was discovered that a CAT scan log binder detailing patient information was not in its typical location on the Decatur Health System (DHS) premises. The binder was believed to be taken from DHS premises between 5pm on July 22, 2016 and 7am on July 25, 2016. The binder contains personal information, including patient name, date of birth, date of exam, diagnosis leading to the CAT scan, ordering provider, and x-ray exposure levels.
After discovering the breach, DHS administration notified authorities, and continues to work with local and federal law enforcement in an effort to retrieve the binder, determine who took it, and determine how the information contained within the binder has been used. DHS officials have also conducted their own independent investigation into these matters. However, the binder is still missing.
DHS knows the importance of keeping protected health information private and sincerely apologizes to the patients whose names were in the binder. They are working to ensure all patient information contained in other hard copy records and other sources of patient information are secure. They have changed key locks within the facility, conducted audits, and implemented new policies and processes. DHS employees have received additional training on security beyond their annual education and training.
DHS officials say the binder contained a total of 707 patients. “Any patients who were potentially impacted by this situation have been sent letters from DHS notifying them of the event,” said Erica Fortin, DHS Privacy Officer. “Please read the letter thoroughly. If letter recipients have further questions, I encourage them to call me at 785-475-2208 ext 216 so they can receive complete and accurate information about the event.” Fortin went on to say that Social Security numbers were not included in the binder and therefore the risk of additional harm is low.