An Oberlin, Kansas facility suffered data breach when its binder went missing. It reported a PHI breach. Facility found out that a CAT scan log binder was not in its regular place. According to the Decatur Health Systems (DHS), mentioned in an online statement that the binder went missing from DHS between 5pm on July 22, 2016 and 7am on July 25, 2016. The incident caused data breach for 707 patients.
Affected information included patient names, dates of birth, dates of exams, diagnoses leading to the CAT scan, ordering providers, and x-ray exposure levels. Social Security numbers were not included.
As per the Privacy Officer Erica Forti, potentially affected individuals will receive a notification letter.
Facility mentioned that it is working with local and federal law enforcement agencies to retrieve the binder. It wants to find who removed it. Also, know the patient information misuse.
DHS knows the importance of keeping protected health information private and sincerely apologizes to the patients whose names were in the binder. They are working to ensure all patient information contained in other hard copy records and other sources of patient information are secure. They have changed key locks within the facility, conducted audits, and implemented new policies and processes. DHS employees have received additional training on security beyond their annual education and training.
According to the website:
Decatur Health Systems, Inc. is a rural health organization which works as critical access hospital and a rural family practice clinic. Facility also manage a independent living complex. It mentioned that it is committed to providing quality health care to the rural population.
General Health Maintenance
Management of Chronic Medical Conditions
Same Day Appointments
New Patients Welcome
Routine Well Child Checks
Work, School and Sports Physicals
Pap Smears and Routine Gynecological Care
Acute Care Services:
Chronic and Acute Childhood Illnesses
Chronic and Acute Adult Illnesses
Family Planning and Education
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.