On July 1, 2016, Planned Parenthood of the Heartland announced that the protected health information (PHI) of certain patients of its Dubuque health center in Iowa may have been accessed by unauthorized individuals.
The health center permanently closed its doors to patients this April year and the premises was listed for sale and was sold. However, hard copies of patient files were left in the Dubuque health center. In April 2016, individuals entered the medical center and could potentially have viewed and/or copied patient files. The potential breach was discovered by Planned Parenthood on May 6, 2016. The files have now been removed from the premises and have been secured. Planned Parenthood said this was an isolated incident and is not representative of the stringent privacy standards usually maintained by the healthcare organization.
Patients affected by the potential privacy breach had sought treatment at the Dubuque health center between August 1, 2008 and April 30, 2014. In total, the PHI of 2,506 patients may have been compromised. Patients have now been notified of the breach and a substitute breach notice has been placed on the Planned Parenthood website.
Patient files contained full names, mailing addresses, dates of birth, health insurance information, Social Security numbers, medical record numbers, lab test results, medical diagnoses, and treatment information.
Planned Parenthood conducted an investigation into the privacy incident, although no evidence was uncovered to suggest that the patients’ files were accessed or that any patient data were used inappropriately. However, patients are being advised of the potential breach to allow them to take steps to mitigate any potential negative impact.
Planned Parenthood has suggested that patients visit the Federal Trade Commission website for further information on identity theft and to find out about the steps that can be taken to mitigate risk.
According to a statement issued by Planned Parenthood’s Chief Clinical Officer Penny Dickey, the incident has prompted “a comprehensive examination of our processes to ensure such an incident will never occur again.”
The post Potential Privacy Breach at Planned Parenthood Dubuque Health Center appeared first on HIPAA Journal.