Brevard Physician Associates Clients Have PHI Exposed in Burglary

by | Nov 3, 2017

The protected health information (PHI) of almost 8,000 client  of Brevard Physician Associates may have been accessed following the theft of an office computer in a recent break in.

The burglary happened on September 4, 2017 – Labor Day – when the offices were shut for the holiday. Early that morning individuals illegally accessed the premises and obtained three office computers.

The local police responded to the incident after the burglary set off the alarm system although not in time to catch and arrest the individuals. A forensic examination of the office was carried out, although so far the burglars responsible have not been caught and the computers not recovered.

Two of the office computers did not hold any protected health information, but the third computer had five audit files saved to the hard drive on that device. The data in those audit files was restricted, although there was sufficient information to prompt the issuing of breach notifications to patients.

Brevard Physician Associates acted speedily and sent out breach notification letters to affected patients well within the timeframe permitted by the HIPAA Breach Notification Rule. Overall, 7,976 patients were possibly impacted and had the following private data accessed: Names, names of insurance providers, CPT codes for the services supplied, and the amounts charged for services.

The HIPAA Security Rule does not command the use of encryption on files, although if steps are taken not to encrypt data, an alternative, equivalent security measure must be used to safeguard the confidentiality, integrity, and availability of PHI. While these particular computers were not encrypted, they were protected with passwords and strong passwords had been put in place. Brevard Physician Associates also reports that these computers can be remotely wiped of all data, and that security control has been triggered. If the devices are logged on to the Internet, data will be remotely wiped of all data.

Brevard Physician Associates believes the danger– and future danger – of identity theft and fraud due to the incident is minimal. Even though addresses, dates of birth, telephone numbers, Social Security numbers, financial data and insurance ID numbers were not accessed and could not be seen by the thieves, steps have been taken to offer all affected patients 12 months of complimentary credit monitoring services.

The quick response from Brevard Physician Associates is to be commended. The speedy breach response, prompt issuing of notifications and for the steps taken to lessen risk greatly benefited their clients.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy