It’s easy to see how the new HITECH requirements are having an impact. Covered entities are not only notifying HHS of breaches affecting over 500 patients, but are posting notices on their web sites and often issuing press releases to help meet the notification requirements. Here’s a press release issued today by Dr. Ward Morris:
The dental office of Dr. Ward Morris of Tacoma was burglarized on or about July 16, 2010. The thieves broke a window, entered the office and stole a password-protected computer server containing patient information along with a computer monitor. Upon discovery of the theft, a police report was filed with the Pierce County Sheriff’s Office, and ID Experts®, a data breach solutions company, was retained to assist in notifying affected patients and to mitigate potential misuse of patient information.
Notification letters were sent to all affected patients via USPS mail on August 11, 2010. The personal information may have included name, address, telephone number, date of birth, Social Security number, internal patient account number, patient ledger information and limited medical history. There have been no reports indicating that the information has been misused.
In addition to notifying all affected patients, Dr. Morris is offering one year of credit monitoring. In the event of misuse of personal information, patients will receive fully-managed victim restoration and insurance reimbursement. Patients with questions regarding this incident can visit www.WMProtect.com.
Steps taken to prevent such events in the future include installation of a metal locking enclosure for the computer server, a security door and additional encryption technology to protect patient data.
How patients are being protected:
Dr. Morris has contracted with ID Experts, a leader in comprehensive data breach solutions, to provide a one year ID Experts FraudStop? membership. The membership will include:
* 12 months of Credit Monitoring
* Fraud Resolution Representatives
* Healthcare Identity Protection Toolkit?This press release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Dr. Morris has notified patients and the Department of Health and Human Services (HHS). In addition, an informational website and toll-free number hosted by ID Experts are available to affected patients.
The incident is not yet posted on HHS’s web site, so we will have to wait to find out how many patients were notified of the incident.
Update: Dr. Morris’s report to the Maryland State Attorney General’s Office can be viewed here.