Patients PHI Exposed in Two Separate HIPAA Breaches

Two HIPAA-covered organizations are making their patients aware that some of their protected health information (PHI) has been stolen by unauthorized individuals in recent times.

PHI Stolen from Staff Member of Christus Spohn Hospitals

The protected health information of people being treated at two Christus Spohn Hospitals in Corpus Christi has been obtained in a recent theft.

A Christus Spohn staff member was burgled on April 16, 2018 and PHI was obtained including data such as names, birth dates, dates of service, medical history numbers, account numbers, ages, and other medical information. No financial details, driver’s license numbers, or Social Security numbers were taken.

Patients impacted by the theft had previously attended Christus Spohn Health System’s Memorial or Shoreline hospitals. While PHI was stolen, the information does not seem to have been used improperly. Christus Spohn has revealed that around 1,800 patients have been impacted by the incident.

Measures have already been implemented to prevent further incidents like this from occurring, and the staff member in question has received additional training on actions that need to be adapted to ensure protected health information is secured.

PHI of Clients of a San Francisco Acupuncturist Clinic Stolen

The patients of San Francisco acupuncturist Denise M. Bowden are being alerted that some of their PHI was taken from her Pacific Heights clinic. The acupuncturist noticed the burglary on April 30, 2018, with the offices illegally entered at some point over the previous weekend.

The thief obtained a computer from the clinic that contained data including clients’ names, addresses, contact telephone details, times and dates of service, diagnosis codes, and health insurance details. No financial details or Social Security information was stored on the computer in question.

Even though the computer was password protected, patient data were not encrypted and could possibly be seen by unauthorized people. No reports have been filed to suggest any of the data on the computer has been accessed and used improperly. Patients were alerted regarding  of the breach by mail on June 11, 2018.