DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: Employee with “retaliatory agenda” stole potentially 16,000 children’s medical records

Posted on November 11, 2015 by Dissent

HIPAA Journal reports:

An investigation conducted by Children’s Medical Clinics of East Texas has revealed a former employee took copies of children’s medical records and disclosed them to a third party. According to the breach report posted on the healthcare provider’s website, the privacy breach was caused by an individual with “a retaliatory agenda against the clinic.”

A Children’s Medical Clinics of East Texas employee was discovered to have removed business documents and taken them home, and failed to return them when requested to do so. It is not clear from the breach report when the incident occurred, but the decision was taken to report the matter to the police on August 10, 2015.

Read more on HIPAA Journal.

The full notice, written by their lawyers, follows:

Dear Parent/Guardian:

Children’s Medical Clinics of East Texas prides itself on its dedication to not only high quality medical care for your children, but also with federal and state compliance with the security and privacy of your medical records.

Recently, an employee of the clinic was found to have taken business documents home from the office and did not return them. The police were notified and a police report was filed by August 10, 2015. Thereafter, logs revealed the employee also improperly accessed patient health information by logging into patient records and providing a screenshot of patient records to an identified third party. This third party, who was a disgruntled ex- employee, appears to have a retaliatory agenda against the clinic. The employee has been terminated.

This firm has been retained to investigate the potential for a privacy breach regarding the improper access of records that contained confidential information such as Name, Date of Birth and PHI including diagnosis and treatment. At this time, there is no evidence the employee disclosed to others the information. We believe the employee engaged in these behaviors due to the likely retaliatory agenda stated above and not with any intent to harm patients. However, there is no way to narrow down which records were improperly accessed. Under HIPAA, this employee’s access was authorized and she had HIPAA training. However, once she became involved with forwarding information to a third party, her access was unauthorized. Therefore, the HIPAA privacy rules require that incidents be notified to you and reported to the regulatory agency, HHS.

If for any reason you feel that or become aware of harm to identity or reputation of these pediatric patients that may be related to this incident, credit monitoring may be offered. In addition, you may consider taking immediate steps to protect your identity as follows:

  1. Register fraud alert with 3 credit bureaus including Experian, TransUnion and Equifax;
  2. Monitor all accounts closely;
  3. Contact the local Consumer Protection Agency;

For additional information on consumer protection, access helpful web links such as
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_039114.pdf

Children’s Medical Clinics of East Texas sincerely apologizes for any inconvenience and concern this incident has caused to you. In accordance with promulgated security measures, Children’s Medical Clinics is following a strict internal review process and upgrading all security systems in accordance with guidance provided by HHS including enhanced on-site security measures. Additional measures include a security watch, surveillance cameras, and more stringent HIPAA training.

If you receive any calls from anyone not associated with the clinic, or if you have any questions or concerns, please feel free to contact our office at 1-800-331-6844 between 8:30 am and 6:00 pm or by email to [email protected].

Sincerely,
Diane K. Shaw, Attorney

No related posts.

Category: Health DataInsiderU.S.

Post navigation

← E-health opt-out records a ‘huge invasion of privacy’
Google, Apple Remove InstaAgent App Due To Password Snooping →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.