1,326 healthcare patients in Texas have been notified that some of their PHI was left unattended and unprotected, and was potentially viewed by unauthorized individuals. Patients affected by the Premier Physicians Group data breach had received treatment from Dr. Mario Gross who was previously employed by the clinic. Dr. Gross has also worked for a number of healthcare providers in the Midland, TX region. Many of those organizations have also recently issued breach notices to their patients.
The Premier Physicians Group data breach was discovered on April 8, 2016. Documents containing the PHI of patients were found in a former residence of Dr. Gross. Dr. Gross had vacated the premises and ownership of the properly had been transferred to a local bank. However, a number of records that had been kept by Dr. Gross had been left behind in the property.
It is unclear how many individuals potentially had access to the documents during the time they were exposed, or whether the PHI of patients was actually viewed by unauthorized individuals. Premier Physicians Group was unable to rule out the possibility.
After being notified about the documents they were collected and have now been secured. The documents were examined to determine the extent of PHI exposed and which patients had been affected. Patients have now been informed of the Premier Physicians Group data breach by mail, in accordance with Health Insurance Portability and Accountability Act (HIPAA) Rules.
The documents contained a range of PHI including names, medical record numbers, dates of birth, medical insurance information, clinical data, and Social Security numbers. Premier reports that no financial information was contained in the documents.
Premier Physicians Group has taken action to prevent any further breaches of PHI of this nature. Staff members have been informed of the incident and have been instructed to update their own privacy controls to ensure that PHI is protected at all times. Internal policies and procedures have also been updated.
It is not clear at this stage exactly how many other healthcare organizations have had to notify patients of this privacy breach, although Midland Memorial Hospital has already notified 1,468 patients of the privacy breach and 717 patients of Midland Women’s Clinic have also been sent breach notification letters in the past few days.
The Premier Physicians Group data breach was reported to the Department of Health and Human Services’ Office for Civil Rights on July 20, 2016.