200K HIPAA Covered Records Exposed by ‘Curious’ Staff Members

by | Dec 7, 2014

The Early Learning Coalition of Palm Beach County has revealed that a now departed member of staff has inappropriately accessed a database containing the medical records of up to 230,000 patients.

The database included personal information of parents and children who have attended centers or received services from the group. The affected people are thought to be those having received school readiness services or taken part in the Voluntary Prekindergarten Education Program according to a statement released by the ELC.

The unauthorized access happened at the Belle Glade office of Family Central Inc. and has been confirmed as having affected 37 patients, although the matter is still under review and the final number of victims is not yet known. The data that may have been accessed included personal information such as names and contact details, and almost half of the records in the database included Social Security numbers.

The former member of staff, who was not named in the statement, “accessed the database in an unauthorized manner in order to obtain the personal information, including social security numbers, of individuals contained in the database,” according to the ELC. The statement revealed that the individual was no longer employed at the facility.

The breach is thought to have been small and the people confirmed as having been affected have been notified by email, although all persons who have previously received services from the ELC have been warned to closely monitor their credit as a precaution and to enroll for free credit alerts with one of the three major credit agencies.

An internal review is still underway and law enforcement officers have been told about the inappropriate data access. In reaction to the security breach the ELC reported that it has changed its policies to enhance data security and is restricting access to patient data. Security training will be given to staff to ensure they are aware of the company policies and their responsibilities under HIPAA.

It may behard to determine the total number of records that were accessed if an adequate monitoring system was not in place to log access to the information, with the OCR may consider a HIPAA violation. Under HIPAA regulations, a body or group required to store or use Protected Health Information must ensure the appropriate physical, administrative and technical safeguards are put in place to secure health data. Even in instances where only a small number of records have been exposed, fines can be issued for placing the entire database at risk and can lead to major financial penalties being applied.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy