Theft at Loyola Medicine and Main Street Clinical Associates Affected Patients’ PHI

by | Dec 3, 2019 | Compliance News

Because the devices were stolen from the offices of Main Street Clinical Associates, PA. based in Durham, NC, some patients received notifications concerning the likely compromise of their protected health information (PHI).

The theft transpired after the employees of Main Street evacuated the offices because of a dangerous gas explosion. The employees left the office after being instructed to do so on April 10, 2019 after an adjoining building exploded. The evacuation was so urgent that the employees just abandoned the records and equipment on the tables. They also did not lock the room where the patient records were kept. The property had substantial damages, hence until September 9, 2019, nobody was allowed to go within the building. When the employees went back to their workplaces, they found out that the equipment, which includes two laptop computers, a clinician’s mobile phone, and a printer containing patient data, were stolen by burglars.

Main Street gave a press release not too long ago saying that the laptop computers, the mobile phone and the files with patient information were protected with a password. Nevertheless, the devices had not been encrypted, therefore, an unauthorized person could have accessed the patient data. The data contained in the devices included names, medical insurance information, diagnosis and treatment data, Social Security numbers, and driver’s license numbers.

To stop further unauthorized access to patient data, Main Street already changed all passwords and is looking out for attempts of device misuse. Patients affected by the breach received notification letters via mail. Since there is no way of knowing accurately the affected patients, Main Street informed several media outlets about the security breach.

Autopsy Pictures of Loyola Medicine Patients Stolen

Maywood, IL Loyola Medicine reported that the Loyola University Medical Center camera was stolen. The camera stored the autopsy images of 18 deceased patients. The images of nine individuals were gone for good because they were not yet saved to their respective medical record files.

The photos were not yet saved to the hospital records system because the newly installed camera did not have a cable that connects to the records system to upload the images. Therefore, the photos are merely stored on the camera’s memory card.

A Loyola Medicine representative said that steps had been carried out to avert the same breaches. Employees received extra training and there had been improvements in physical security.

Loyola Medicine informed the patients’ families that the photos were lost and submitted a privacy breach report to the Department of Health and Human Services’ Office for Civil Rights.

3 Steps To HIPAA Compliance

Step 1 : Download Checklist.

Step 2 : Review Your Business

Step 3 : Get Compliant!

Our HIPAA compliance checklist will outline everything your organization needs to become fully HIPAA compliant. Fill in the form below to download it now.

View our privacy policy