Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute, recently notified patients after discovering on February 20 that their EMR system had been accessed without authorization. Their investigation revealed that the third party accessed
patients’ names, addresses, telephone numbers, email addresses, social security numbers, dates of birth, insurance information, name of referring provider, and other demographic information. The information that was accessed in an unauthorized manner did not include credit card information, financial account information, or the clinical information in patients’ medical records.
Their notice indicates that they are offering some mitigation services to those impacted while they take steps to prevent future incidents of this kind:
In addition to investigating this matter thoroughly and terminating the unauthorized access to our EMR system, we have reviewed all user accounts on our system and validated the access levels and activity for each account. We are reviewing and updating our policies and procedures regarding access to patient information and our systems as necessary. As an additional precaution, to reduce the risk of fraud or identity theft, we are offering affected individuals a one-year membership in Experian’s® IdentityWorks SM at no cost.
They do not indicate how many patients were affected, and whether HHS has been notified of this incident.
Update: This was reported to HHS on April 5 as impacting 35,000 patients, although it wasn’t posted on HHS’s site immediately.