Melanie Payne reports:
Carol Crisafi received a disturbing letter in the mail. It came from a physician’s group that had cared for her while she was in Brandon Regional Hospital east of Tampa.
Advanced Care Hospitalists PL said their “former billing company,” Doctors First Choice Billing in Miramar, had posted patients’ personal information on a website.
What concerned the Fort Myers woman was that Advanced Care Hospitalists found out about the security breach in February, but she wasn’t notified until last week.
Read more on News-Press.com. The delay in notification was reportedly explained by ACH’s attorney who said that when the breach was discovered, none of the affected patients were identified as having been seen Brandon Regional Hospital, but on or about May 7:
ACH discovered that (Doctors First Choice Billing) also had processed claims of ACH’s related provider, Hospitalists of Brandon, LLC (“HOB”) involving patients at Brandon Regional Hospital. We have no evidence that the protected health information of HOB patients was disclosed or breached, but in an abundance of caution, we notified each HOB patient of the incident …,” Lugo wrote.
Under HITECH, when in doubt, notify, which ACH seems to have done. But is this one of those situations where patients may now needlessly worry if there really had been no disclosure or breach?
N.B.: the report describes Doctors First Choice Billing as ACH’s “former” billing company. Did this breach cost them their contract, or was it unelated?