Main Street Clinical Associates, PA. located in Durham, NC has notified a number of its patients regarding the potential compromise of some of their protected health information (PHI) because of the stolen devices from its offices.
The theft happened after the evacuation of the Main Street offices in relation to a serious gas explosion. Employees at the office were instructed to leave the facility on April 10, 2019 after the explosion of an adjacent building. Because of the urgent evacuation, the employees simply left files and equipment on the desks. The room where patient records were stored was not locked. The building had extensive damages, so the employees weren’t allowed to go inside the office building until September 9, 2019. Once the employees returned to the offices, they discovered that thieves stole equipment, including two laptops, a clinician’s cell phone, and a printer that contains some patient data.
Main Street issued a press release recently stating that the laptops, the cell phone and the files containing patient data were password-protected. However, the devices were not protected by encryption, hence, it is possible for an unauthorized person to access the patient information. The information contained in the devices included names, Social Security numbers, driver’s license numbers, medical insurance data, and diagnosis and treatment data.
Main Street already updated passwords to prevent unauthorized access of patient information and is keeping tabs on any attempt of misusing the devices. Patients impacted by the breach are being sent notification letters by mail. Given that it wasn’t possible to know exactly who was affected, a number of media outlets were informed regarding the breach.
Theft of Loyola Medicine Patients’ Autopsy Pictures
Loyola Medicine located in Maywood, IL reported the theft of a camera from the Loyola University Medical Center. The camera contained the autopsy photos of 18 dead patients. The photos of nine persons were not uploaded yet to their medical record files and were lost for good.
The photos were not uploaded to the hospital records system because there’s a new camera installed but it did not have a cable for uploading the photos. Hence, the photos are simply saved on the memory card.
A spokesperson for Loyola Medicine said that they have taken steps to stop similar breaches from occurring, provided additional HIPAA training for employees and improved physical security.
Loyola Medicine has notified the families of the deceased patients regarding the loss of photos and reported the privacy breach to the Department of Health and Human Services’ Office for Civil Rights.