Family medicine practitioner Dr. Loi Luu of Westminster, California recently notified patients and HHS of a potential breach, although the data were reportedly encrypted. PHIprivacy.net was able to access a still-cached copy of a substitute notice published in her local media:
PUBLIC NOTICE: PLEASE ALLOW THIS HIPAA BREACH
PUBLIC NOTICE: Please allow this HIPAA Breach Notification to serve as a notice regarding a possible inadvertent disclosure of some of your protected health information. Loi Luu, M.D. wants to alert our patients that in September 2014 thieves stole monitors, CPU’s, a server and moved approximately 20 blood test reports. The theft was promptly reported to police, the blood tests were recovered but the computer equipment has not been recovered. The server was password protected and the data was encrypted. The server contained patient names, dates of birth, phone numbers, social security, and health insurance information, addresses, and medical provider names. There was no credit card information. We currently have no reason to believe that our patients’ private information has been compromised by anyone in any way, or that any financial or reputational harm will occur, however, in an excess of caution, we wanted to provide this notice to you. If you have any questions, please contact: Loi Luu M.D., 14501 Magnolia St., Ste. 108 Westminster, CA 92683
Published in the Orange County Register Nov. 8, 2014
According to Dr. Luu’s notification to HHS, the theft occurred on September 17th, and 13,177 patients were potentially affected.