Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s patients were released by Lee County on Fowler Street in Fort Myers, Florida. The records were released while Lee County was transporting the records to be incinerated. This release is being issued in accordance with guidelines from the Health Insurance Portability and Accountability Act (“HIPAA”).
Impacted patients have already been notified in accordance with HIPAA. To the best of Radiology Regional Center’s knowledge, these records, which date from 2005-2012, may have contained patient names, addresses, phone numbers, social security numbers, dates of birth, health insurance numbers, and other medical status and assessment information as well as financial information gathered in the patient medical and financial records.
As soon as Radiology Regional Center learned of the incident, every effort was made to retrieve the records, including a foot search of the surrounding area by more than a dozen of its employees and physicians. In an abundance of caution, a second search of the area was conducted by foot on December 21, 2015 and a third was conducted on December 22, 2015. As a result of its numerous searches, Radiology Regional Center believes that virtually all of the records were retrieved.
While every effort was made to retrieve the lost records, Radiology Regional Center acknowledges that some records may not be retrieved and so has notified potentially affected patients of the incident and presented them with the following steps they can take as precautionary measures.
Radiology Regional Center has advised potentially impacted patients to (1) place a 90 day fraud alert on their credit file, (2) review a free copy of their credit report, and (3) review their explanation of benefits statements. Radiology Regional Center is also offering potentially affected patients with complimentary credit monitoring services.
Radiology Regional Center is taking this matter very seriously and has conducted a thorough investigation to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again. Any affected patients may call 877-853-3045 for additional information, Monday through Friday, 6:00 a.m. to 6:00 p.m. PST (closed on U.S. observed holidays).
For additional information please visit the FAQs at http://radiologyregional.com/.
SOURCE: Radiology Regional Center
The FAQ on their site explains:
This incident resulted from the condition of the container used by Lee County Solid Waste Division to transport the records and the Lee County driver’s failure to properly secure the container door.
I am an affected person of this breach and received a letter from the company. Are there any attorneys out their planning a Class Action law suit on behalf of the many victims of this gross negligence?
I also received a letter from the Radiology Regional Center on February 16th notifying me of the “potential” breach of my personal information. Their attempt to show their “concern” is to send out on foot more than a dozen employees & physicians on 3 separate days to locate over 400,000 personal documents is a joke! Then they insult our intelligence by claiming “that it is likely that your records were retrieved”. I was infuriated that their letter states that WE need to be “proactive” to take the required steps to ensure that our information is secure. I am a single mother with 2 children who works 40 hours a week. Please tell me when I can take your “proactive” steps to contact credit bureaus, banks, Social Security, IRS, checking/savings accounts, credit cards, explanation of benefits statements, etc. to ensure that my personal information is safe. I can’t even begin to tell you how much this stress & anxiety has impacted my life since receiving their letter. This was a breach of the HIPPA laws and something needs to be done to hold this company accountable!! Has anyone heard of any Class Action suits being filed on our behalf?
The ultimate responsibility is Regional Radiology and not Lee County. Why is there not a manifest of items to be destroyed? What about people who are on Tricare military, and the spouse who is the primary, with their SSA number not notified? The CEO ‘s comments are mundane. There are no contact numbers or a list of management to access on the web site. Why? Yes, class action or singular suits must be the answer.
Big deal free credit reporting. I already purchase that through my employer . There must be a class action suit . I was sure told what it was going to cost me if there was a release in error working in Medical Records. Everyone knows the records are to be shredded before leaving the facility they are picking up from.
No, everyone does not know that the records are to be shredded before leaving a facility, and there’s no law requiring that. Incineration meets HIPAA’s requirements for disposal, but in this case, the vendor transporting the records screwed up/had an accident. I’ve reported on a number of such incidents over the past decade.
Keep in mind that there is no private cause of action under HIPAA, and most courts are tossing lawsuits if the plaintiffs cannot demonstrate actual injury/harm or imminent injury/harm. If the center believes it recovered the records, it may be hard to demonstrate injury or harm. Could the Florida Attorney General’s Office go after them? Probably, but again, not every accident or breach will result in successful legal action – and the vast majority don’t.
I understand the frustration and anger, but a class action lawsuit, while causing legal expenses for the center, is not likely to give the plaintiffs/patients anything really useful.
You might be better off filing complaints with HHS about the incident if you feel that strongly.
keep the cops busy and off the streets file a police report. Once that’s done have a credit card with a decent limit. Then put a credit freeze on all three of the credit reporting agencies. Be warned that places that use your public info may not be able to process new requests (like the IRS for a PIN). Go to Krebs security online, he has all the details.