Private documents holding the PHI of patients have been stolen by a former employee of the Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for patients with intellectual and developmental disabilities.
Notifications of the breach have been sent to 28,434 patients who received care at CHCS before the summer of 2016.
The breach of PHI was only found on November 7, 2017, but the data theft happened over 17 months ago. The former member of staff was relieved of their position on May 31, 2016, with the data saved to a personal laptop after that, according to a recent CHCS press statement.
The breach was found during discovery in a litigation case between the former health care worker and CHCS. No details have been made public about the manner of the litigation.
The documents in question held a wide range of highly sensitive data on patients, including adults and infants. The data included names, dates of birth, addresses, Social Security numbers, dates and sorts of services, medical record details, referral information, progress records, medical diagnoses, medications prescribed, treatment plans, laboratory and toxicology reports, death certificates, autopsy reports, discharge dates, death summaries, and collateral hospital data.
The rationale for the former member of staff taking the data is unclear, although it does not appear that the information has been used for criminal intentions. CHCS believes the information has not been sent to any unauthorized individuals, other than the former member of staff’s legal representatives. CHCS legal counsel have also reportedly obtained a copy of the PHI.
According to the CHCS news statement, the patients in question are not believed to be at risk and there are no steps need to be taken by patients as a result of the breach. Patients will be informed if the situation evolves.