Dan Sheehan reports on a possible breach involving records that were created solely to document that patients’ medical and treatment records had been securely destroyed. Yes, this would be an appropriate place to insert an “oi veh.”
SCHNECKSVILLE — A box containing confidential client health information disappeared from an office at KidsPeace, but the agency says it believes the records were not “inappropriately” removed or accessed.
It was unclear from a written statement released Tuesday whether the the records — which include names, birth dates, medical record reference numbers, patient account numbers and service dates — may have been lost or accidentally destroyed.
Read more on Morning Call.
KidsPeace, which is a non-profit providing residential treatment and outpatient mental health, behavioral, and psychiatric services to children and teens, issued the following statement:
In line with its commitment to privacy and security of client information, KidsPeace is providing notice of a possible breach of information related to certain former KidsPeace clients.
On August 1, 2016, KidsPeace learned that a box containing information about certain former KidsPeace clients went missing from the KidsPeace medical records office sometime after the close of business on Friday, July 29, 2016. The missing box contained a list of certain former KidsPeace clients who received services between 2001 and 2004 and whose client records had been securely destroyed in accordance with KidsPeace’s document retention and destruction policies. Client information from the list was being input from its paper-form in the box into KidsPeace’s electronic tracking system to document those former clients for whom records had been destroyed. The list in the missing box included protected health information regarding these former clients, including client names, dates of birth, KidsPeace medical record numbers, KidsPeace patient account numbers, and service dates. The missing box did not contain any medical records.
KidsPeace has interviewed all employees and custodial staff who could have accessed the medical records office where the missing box was stored. KidsPeace has no reason to believe that the box was inappropriately accessed or inappropriately removed from the medical records office, and KidsPeace has verified that no unauthorized individuals accessed the medical records office between July 29, 2016 and August 1, 2016.
KidsPeace regrets any inconvenience or concern this incident may have caused. KidsPeace assures its clients that it is committed to fully protecting the information entrusted to it and that it takes its role of safeguarding clients’ protected health information very seriously. At this time, KidsPeace has no information indicating that any protected health information has been accessed or used by any unauthorized individuals.
Following the discovery of the breach, KidsPeace took immediate action to remedy the situation and to prevent the future inadvertent disclosure of protected health information. KidsPeace reviewed its policies and procedures related to the privacy and security of protected health information, including those policies designed to prevent inadvertent disclosures of protected health information and those related to the secure storage and disposal of protected health information. KidsPeace has also changed the locks to its medical records office and implemented additional access restrictions.
KidsPeace has set up a toll-free phone line for inquiries about this situation. Individuals with questions or concerns should contact Cliff Aulisio, KidsPeace HIPAA Privacy Officer, at (877) 228- 3867.