There were a number of breaches added to HHS’s breach tool today that were news to me. Here’s another:
Colorado Health & Wellness reported an incident affecting 651 patients that occurred on September 4. HHS’s log codes the incident as “Theft, Unauthorized Access/Disclosure” involving EMRs. Clear as mud, right?
I could not locate any media coverage of the incident or notice on their site, but I was able to track down a cached copy of a media notice that appeared in The Colorado Springs Gazette on November 1, 2013. The notice makes it pretty clear what likely happened here:
HITECH BREACH NOTICE ON SEPTEMBER 4, 2013, COLORADO
HITECH BREACH NOTICEOn September 4, 2013, Colorado Health & Wellness, Inc. discovered that a doctor formerly associated with Colorado Health & Wellness, Inc. took patient information without authorization when he ended his practice at Colorado Health & Wellness, Inc. The specific information involved includes patient name, address, telephone number, and e-mail address. Patients at the Colorado Health & Wellness, Inc. whose information was potentially impacted will be receiving a letter with more information. Colorado Health & Wellness, Inc. apologizes for any inconvenience, and we invite you to call us at (719) 576-2225 with any questions or concerns.