California lab reports 2 October breaches hit 4,300 patients

Huntington Medical Research Institutes in California posted two notices of HIPAA breaches in October, one of which affects 4,300 patients.

The first notice, posted Oct. 6, details the improper disposal of glass laboratory slides and paper records. HMRI learned of this incident on Aug. 6, but the improper disposal may have occurred up to two weeks prior to the discovery.

"Affected patients' names, some demographic information such as date of birth, clinical information such as diagnosis, treatment, tissue source, specimen information, specific tests ordered and referring physician information, as well as some billing information, may have been included in these records and/or slides," the notice reads. "Importantly, the information involved did NOT include any Social Security numbers or patient credit card or other financial payment card information."

HRMI is reinforcing staff training for those with access to patients' protected health information, strengthening its data security and following up to prevent any recurrence of a similar incident.

The second notice, posted Oct. 20, reports HMRI learned Aug. 20 a former employee may have taken electronic patient health information at the time of their departure from the company in July.

"HMRI continues to investigate this incident and seek return of all HMRI patient health information," the notice reads. "At this time, HMRI has no reason to believe this information has been or will be misused. The information included patients' names; some demographic information such as date of birth; clinical information such as diagnosis, treatment, tissue specimen source, other specimen information, specific tests ordered, and referring physician information; as well as some billing information. The information did NOT include any Social Security numbers or patient credit card or other financial payment card information."

The Office of Civil Rights' Breach Portal lists this second HIPAA violation as impacting 4,300 individuals and states it is due to either a stolen laptop or other type of portable electronic device.

More articles on health IT: 

EMC, Hartford Hospital to pay $90k HIPAA fine for stolen laptop
Startup Insider: Everseat
Jumping ship: Why hospitals switch EHR vendors & how to handle the aftermath

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Content

Featured Webinars

Featured Whitepapers