DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Indian Health Service addresses data breach by contract physician

Posted on October 21, 2014 by Dissent

The U.S. Department of Health & Human Services’ Indian Health Service (IHS) has been responding to a breach by a contract physician that affected patients at three IHS facilities. The IHS, an agency in the U.S. Department of Health and Human Services, provides a comprehensive health service delivery system for approximately 2.1 million American Indians and Alaska Natives.

On August 25, 2014, the IHS Bemidji Area determined that a physician employed by a staffing company under contract with the IHS had improperly accessed protected health information from three IHS facilities: the Fort Yates Service Unit in the IHS Great Plains Area, the Cass Lake Service Unit in the IHS Bemidji Area, and the Crow Service Unit in the IHS Billings Area.

According to a statement issued by IHS on October 17, the breach included “patient names, Social Security numbers, and health information such as diagnoses, prescribed medications, and laboratory results.” IHS noted that there is no current indication that the information has been used by or disclosed to any unauthorized individuals.

In correspondence to PHIprivacy.net, Kella With Horn, the IHS Great Plains Area Public Affairs Liaison, disclosed that 1,720 patients were notified of the incident. IHS declined to name the contract physician’s firm, “due to the ongoing review,” but IHS’s contract with the unnamed firm did include the requirement that the contractor must protect patient privacy and comply with HIPAA.

“IHS is very disappointed that this breach occurred given that the staffing company contract included the requirement that contract providers must protect patient privacy and meet HIPAA regulations. We are committed to ensuring the security and integrity of all our patients’ personal information and are putting additional protections in place” said Acting IHS Director Dr. Yvette Roubideaux. “Keeping patient information secure is of the utmost importance to us, and we very much regret that this situation occurred.”

When asked about what the unnamed physician’s motivation was in accessing the patient information, Kella With Horn replied, “The physician stated it was done in case of malpractice suit,” but because of the ongoing review, they wouldn’t comment further at this time. “The matter has been referred to the HHS Office of Inspector General,” they noted.

On October 17, 2014, the IHS sent letters by first class mail to affected patients to notify them of the privacy breach. Affected patients were also provided phone numbers to call the Area HIPAA Coordinators and were offered one year of free credit monitoring and reporting services.

Patients who received the letter and have any questions can contact the following Area HIPAA Coordinators:

  • For the Cass Lake Service Unit in the IHS Bemidji Area – Phillip Talamasy at 218-444-0538 or [email protected]
  • For the Fort Yates Service Unit in the IHS Great Plains Area – Heather H. McClane at 605-226-7730 or [email protected]
  • For the Crow Service Unit in the IHS Billings Area- Felicia Blackhoop at 406-247-7184 or [email protected]

As a result of this incident and to help protect against further breaches, all contract staff serving the affected Areas are being required to sign a Confidentiality Agreement stating that individually identifiable information is to be held in strict confidence.

Category: Uncategorized

Post navigation

← First National Bank website exposed private information
Flowers Hospital fraud case update: Defendant seeks to withdraw guilty plea, claims others involved →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.