Car Theft Leads to Revelation of PHI of 2900 People

Insurance Data Services (IDS), a Wyoming-based medicinal invoicing firm, has begun to send break notice letters to patients of Claystone Clinical Associates, one of its HIPAA-covered customers, to notify them of the possible revelation of some of their Protected Health Information (PHI).

A West Michigan based Delivery Service had been contracted by IDS to deliver client mailings; however, the automobile utilized by the courier firm was thieved on September 15. The automobile thievery happened at Zondervan Publishing in Kentwood, MI.

The automobile thievery was reported to police officials and an inquiry into the thievery has started. Luckily, the burglary was caught by closed-circuit TV cameras; but, the footages exposed a gloved and masked person going into the automobile and driving away. Therefore, it hasn’t been possible to find a dodgy at this time. The automobile has now been located as well as recovered, but the substances had been taken away by the robber.

No electronic PHI was revealed; however, patient mails were stolen from the automobile. The info contained in the mails didn’t contain any dates of birth, financial information, Social Security numbers or medical insurance numbers; nevertheless, patient names, addresses, phone numbers, diagnosis codes, treatment codes, account balances as well as health insurer names have possibly been undermined. Roughly 2,900 people are believed to have been impacted by the security break.

According to HIPAA Laws, covered entities, as well as their Bas, are permitted up to 60 days to deliver break notice letters to patients impacted by a data break. Several choose to defer informing the victims for several weeks; nevertheless, IDS has acted swiftly and began to inform impacted patients within 10 days of the break in an attempt to alleviate the danger of identity robbery. IDS hasn’t received any info to indicate data have been used wrongly thus far. As a protection, the firm has provided impacted patients with info concerning the measures that can be taken to safeguard their individualities.

Healthcare suppliers, as well as their Bas, can take many steps to protect the PHI of patients as well as health plan members, like encrypting electronically saved files; nevertheless, paper files can’t be encrypted.  Therefore, security cases like this are difficult to avoid.

It’s not clear whether the automobile driver was to accuse in any way for the automobile thievery, however, IDS has decided not to use the firm for any forthcoming deliveries. IDS has also declared that it will be reviewing its plans to avoid similar cases from happening in the future.

There have been several cases of PHI thievery reported to the Department of Health and Human Services’ Office for Civil Rights in current months, with August being a specifically bad month for HIPAA-covered bodies. Loss, as well as thievery of PHI, was the main reason of data breaks for the month of August.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.