The UAB Medicine Viral Hepatitis Clinic located in Birmingham, AL has encountered a violation of patients’ protected health information (PHI).
UAB Medicine employs the use of flash drives to shift data from its Fibroscan machine to a computer device. Two flash drives were discovered to be missing on October 25, 2017. The portable storage devices stored a restricted amount of PHI of 652 patients.
Information captured on the devices included details like first and last names, gender, birth dates, images and numbers relating to test results, medical diagnosis, names of referring physician, and the dates and times that examinations occurred.
UAB Medicine has remarked that no Social Security numbers, financial information, insurance details, addresses, or phone numbers were exposed in the breach.
An full search of Viral Hepatitis Clinic was finished, but the flash drives were not found. The investigation into the breach is not ended but it is still not known whether the flash drives were accidentally thrown away, lost within the facility, or if they were stolen from there. UAB Medicine therefore cannot confirm if the PHI on the devices has been viewed by anyone who was not permitted to do so.
The breach of PHI has resulted in UAB Medicine reviewing its existing policies and procedures and measures have been implemented to put a halt to similar incidents from occurring going forward. All patients affected by the incident were told so through the mail.
Due to the limited aspect of data that was accessible, patients are not believed to in danger of identity theft and fraud. As a precautionary measure, patients have been advised to monitor their credit reports for any suggestion of fraudulent activity.
Since the possibility of unauthorized access of PHI cannot disregarded, UAB Medicine is also giving patients in danger 12 months of credit monitoring and reporting services for free.