Following the discovery of the breach on Aug. 19, Nephropath instructed the vendor to destroy all copies of the information. Nephropath reported receiving written confirmation that all copies of the data were destroyed.
The patient data included names of patients, pathology diagnosis, referring physician and age at the time of treatment. No Social Security numbers, addresses or financial records were disclosed. As a result of the error, Nephropath is reviewing its policies and procedure to protect against future incidents.
More articles on health IT:
3 physicians face charges, HIPAA violation for using EHR to ‘steal patients’
10% or less of health IT budget goes to cybersecurity: 5 key findings on security gaps in healthcare
Class action suit filed against Excellus Health Plan after massive data breach: 4 things to know
