Patient Steals Other Patients’ Info
Paul Smith reports on an incident at a Lancaster, Pennsylvania medical practice:
A patient at Crooked Oak Family Medicine stole a document containing personal information about some of the practice’s other patients on February 5, 2013.
Read more on Fox43.
A statement posted today on Lancaster General Health‘s web site says:
A Crooked Oak Family Medicine patient stole a document containing personal information about some of the practice’s patients on Feb. 5, 2013.
The patient was at Crooked Oak, Lancaster, for an appointment and while there, became agitated and disruptive. To calm the patient, he was taken to the office of the practice manager. While meeting with the practice manager, the patient grabbed a stack of papers from the manager’s desk. He then ran out of the building before practice personnel could stop him. LG Health Security notified Manheim Township Police and several attempts were made to retrieve the document with patient information from the patient. Unfortunately, the patient did not return the document.
The document stolen included patient names, genders and dates of birth, whether they had received certain cancer screenings such as a mammogram, colonoscopy, etc., whether a pediatric well child-care visit had been conducted and whether they received the pneumococcal vaccination. The document contained no Social Security numbers, no addresses and no credit card information.
There is no evidence that patient information has been misused. Lancaster General Medical Group (LGMG) and its Crooked Oak practice are reviewing its office policies and procedures to prevent a similar incident in the future.
LGMG is offering 12 months of free, identity theft protection services to any Crooked Oak Family Medicine patient whose information was included in the stolen document. The services include credit monitoring, access to fraud resolution representatives, and more.
Patient questions regarding this incident can be directed to ID Experts at 1-866-833-7924.
This release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Lancaster General Medical Group has notified its affected patients and the Department of Health and Human Services.
It’s not clear why the patient grabbed documents and why he reportedly wouldn’t return a document with other patients’ information. Was it no longer in his possession or did he just refuse to return it, and if so, did the practice seek a court order? And why did he grab the information? There’s no doubt in my mind that this is a reportable breach under HITECH, but it would be nice to know his motivation in taking the files and his reasons for refusing to return them.