Naperville Psychiatrist May Have Had PHI of 10,500 Patients Exposed

by | Oct 18, 2017

The medical details of in excess of 10,000 patients of a Naperville, IL-based psychiatrist – Dr. Riaz Baber, M.D. – have been located in the basement of an Aurora residence by the female who rented the house from the psychiatrist.

The files in question had been kept in the basement for a minimum of at least four years.

The woman, Barbara Jarvis-Neavins, was allegedly given a key to the basement by the psychiatrist’s spouse as access was needed when workmen had to visit the residence. She, Ms. Jarvis-Neavins, was told that she was had to accompany workmen when they needed to access the basement.

Jarvis-Neavins said she wished to report the presence of the files, and that she was able to access the storage area, but thought that by doing this she would be asked to vacate the property by the landlord. When she was advised that she had to leave the house was being sold, she contacted law enforcement – including the FBI – and state regulators to report the incident. The FBI referred her to the Department of Health and Human Services’ Office for Civil Rights and she submitted a complaint. She also contacted media outlet NBC 5.

NBC 5 reporters investigation the tip off and broadcast the story in March, 2017. She advised reporters that boxes of files were stored in the basement and that the files  there “has [patients] name, their address, their birthdate, their social security number, what’s wrong with them, what they’re being treated for, and what medication.”

NBC 5 reporters went to the property and contacted Dr. Baber. His attorney released a statement confirming the tenant should not have been given access to the basement, that a key was never given to her, and that the records were secured and the doors to the basement were locked. The files were believed to have been removed from the property the day after NBC 5 contacted Dr. Baber.

On September 28, 2017, the Office for Civil Rights was made aware of the breach of 10,500 records of Dr. Riaz Baber. It is not obvious exactly why it took six months for the breach to be officially reported, when HIPAA Rules require a breach report to be filed within 60 days of identification.

Covered organizations and their business associates that choose to store physical records such as physicians’ notes, charts, x-ray films, or documents off site must put in place administrative, technical, and physical measure to ensure the confidentiality, integrity, and availability of patients’ protected health information (PHI). Access to the facility must also be restricted to stop unauthorized people from accessing PHI. In this case, some of the files were accessed by Jarvis-Neavins and the reporters, although no damage seems to have been done to patients.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy