Rotech Healthcare Inc., a provider of home respiratory and medical equipment equipment and supplies, notified HHS of a breach involving 957 patients. Here is their notification:
Rotech Healthcare Inc. (“Rotech”) would like to notify you of a recent incident that may affect the security of your personal and protected health information. We are providing you with information regarding the incident, steps we have taken since discovering the incident and what you can do to protect against the possibility of identity theft and fraud should you feel it is appropriate to do so.
What Happened?
On June 13, 2016, Rotech received a report that certain patient information had been recovered by law enforcement after being found in the possession of an unauthorized individual. After receiving this report, Rotech immediately launched an investigation to verify the information provided and to learn more about whatmayhavehappened. Third-party forensic investigators were retained to assist with the investigationinto what happened, the identification of what information may be at risk and to whom this information relates. On July 11, 2016, the United States Secret Service provided Rotech with copies of the patient information recovered. A review of the recovered records indicates the records came from Rotech systems.
What Information Was Involved?
Although the investigations into this incident by Rotech and law enforcement are ongoing, Rotech determined that the paper records recovered by law enforcement contained your personal and protected health information, including : name, Social Security number, patient number, address, the name of the Rotech subsidiary company from which you received health care services, and possibly phone number and/or date of birth.
What We Are Doing?
Rotech takes your privacy and the security of your personal and protected health information very seriously, and we are cooperating with law enforcement’s investigation into this incident. Rotech and our third party forensic investigators continue to investigate this incident to identify any additional patients who may be impacted by this incident.
We are providing notice to all patients whose information was provided to Rotech by law enforcement and will notify any additional impacted individuals as they are identified. As part of our ongoing commitment to the security of the information in our care, we are reviewing our existing policies and procedures to better prevent something similar from happening again. We are notifying the Department of Health and Human Services and certain state regulators about this incident.
What You Can Do.
You can review the enclosed Steps You Can Take to Protect Against Identity Theft and Fraud. There you will find guidance on how to better protect against the possibility of identity theft and fraud. We know you may have questions about the content of this letter and have established a confidential, toll-free hotline to assist you with these questions and the steps you can take to better protect against the possibility of identity theft and fraud. The hotline is available Monday through Saturday, 9:00 a.m. to 9:00 p.m., EST, at 1-855-269-6650.
We sincerely regret any inconvenience this incident may cause. Rotech remains committed to safeguarding information in our care and will continue to take proactive steps to enhance the security of the information in our care.
Sincerely,
R. Wayne Bradberry, CHC
Vice President, Compliance & Ethics