A Colorado-based healthcare office has reported a possible PHI breach and notified 1,835 patients about the incident. Former employee emailed patient information to her personal email which has resulted into the data breach. According to the Office of Civil Rights data breach tool, total 1,835 individuals were affected by the unauthorized disclosure incident.
Lasair Aesthetic Health mentioned that a former manager after resignation sent email from her phone to forward documents containing patient lists and data to her personal email account. Affected information included names, amount patients spent, credits with Lasair during 2015, and, in some cases, treatment results and photographic images without faces showing.
Facility has ordered the former employee to destroy the documents. Also, prohibited him to use the patient information. She has confirmed that the documents have been deleted. Facility is still looking for an injunction to ensure that the information cannot be used or disclosed. Police were also notified about the incident.
Lasair has researched methods for upgrading its information technology system to further restrict the abilities to access, copy, and move files from the office’s network to avoid such incidents.
“We are conducting further analysis of our privacy and security safeguards to identify any additional ways we may strengthen the protection of our patients’ information.”
Now it will require all staff to understand the new procedures. Also,data breach services company is hired and e mailing notification letters to all individuals are sent.
“As a general precaution, we recommend that patients regularly review and closely monitor their financial account statements. Although Lasair does not keep credit card numbers on record, we recommend that our patients review their credit card charges routinely. If patients identify any charges on their credit or debit cards, or withdrawals from their bank accounts that they did not authorize, they should contact their bank or credit card company immediately and follow their procedures to freeze transactions or accounts, obtain new cards, and/or to challenge any unauthorized purchases.”
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.