In the past few days, Associated Dermatology & Skin Cancer Clinic of Helena, MT, has reported a breach of physical protected health information (PHI) that may have impacted up to 1,254 patients.
A journal managed by an employee of Associate Dermatology was taken from her car on May 26, 2018. A thief broke into the vehicle and stole the personal journal, which stored information to help the individual with the provision of care to patients.
The variety of information saved in the journal included names and ages of patients, their referring physicians, short notes on patients’ medical record, reasons for visits, and visit comments. Patients whose PHI has been accessed by the thief had received medical services through Associated Dermatology between September 1, 2017 and May 24, 2018.
While highly sensitive details – the kind that can be used to steal identities – were not saved in the journal, there is a possibility that the information could be misused, although no reports have been received to date to imply that is the case.
The most serious risk is the use of the information in social engineering or phishing scams that try to get patients to reveal further information such as Social Security numbers, dates of birth, and health insurance details. Patients have been advised to be cautious in light of such scams.
The breach has lead to Associated Dermatology to adapt additional safeguards to ensure all forms of PHI are safeguarded and future incidents of this nature are mitigated.
The theft has been made known to law enforcement authorities who are attempting to locate the journal. The incident will also be made known to all appropriate authorities, including the Department of Health and Human Services’ Office for Civil Rights (OCR), in due course.
