PHI Breach for Major Eye Care Group in Northern California
Retinal Consultants Medical Group in Sacramento, with 10 offices serving Northern California, has announced the theft of an unencrypted laptop computer.
Retinal Consultants Medical Group in Sacramento, with 10 offices serving Northern California, has announced the theft of an unencrypted laptop computer.
The organization has issued notifications but has not disclosed the number of affected patients, which it will have to do when it files a report with the HHS Office for Civil Rights, which enforces the HIPAA breach notification rule. The privacy officer for Retinal Consultants did not return a telephone call seeking information on the scope of the breach and whether affected patients are being offered credit/identity theft protective services, although the notification does not mention such services.
“In compliance with California and federal law, patients affected by the security breach are being notified of the incident, and, although the company is not aware of any access or misuse of the PHI by an unauthorized individual, they are strongly encouraged to take steps to eliminate or minimize any potential harm that could be caused by the theft,” according to the notification. “This includes, but is not limited to, obtaining credit reports from one or more of the major credit reporting agencies, and monitoring financial and banking accounts for unauthorized activity.”
The laptop, which was a component of a diagnostic imaging machine, was found missing on June 7. Protected information on the computer included patient name, date of birth, gender, race and optical coherence tomography images. Addresses, drivers’ license numbers and Social Security numbers were not on the laptop.
Retinal Consultants is increasing internal and external security of its premises and is determining “how we can further secure laptop data,” according to the notice.
The organization has issued notifications but has not disclosed the number of affected patients, which it will have to do when it files a report with the HHS Office for Civil Rights, which enforces the HIPAA breach notification rule. The privacy officer for Retinal Consultants did not return a telephone call seeking information on the scope of the breach and whether affected patients are being offered credit/identity theft protective services, although the notification does not mention such services.
“In compliance with California and federal law, patients affected by the security breach are being notified of the incident, and, although the company is not aware of any access or misuse of the PHI by an unauthorized individual, they are strongly encouraged to take steps to eliminate or minimize any potential harm that could be caused by the theft,” according to the notification. “This includes, but is not limited to, obtaining credit reports from one or more of the major credit reporting agencies, and monitoring financial and banking accounts for unauthorized activity.”
The laptop, which was a component of a diagnostic imaging machine, was found missing on June 7. Protected information on the computer included patient name, date of birth, gender, race and optical coherence tomography images. Addresses, drivers’ license numbers and Social Security numbers were not on the laptop.
Retinal Consultants is increasing internal and external security of its premises and is determining “how we can further secure laptop data,” according to the notice.
More for you
Loading data for hdm_tax_topic #reducing-cost...