DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Asante Notifies More than 8,800 Patients Whose Records Appeared to Be Inappropriately Accessed by a Physician

Posted on March 9, 2023 by Dissent

Asante provides healthcare services in southern Oregon and northern California.

On February 28, it issued a notice about an insider-wrongdoing incident. As they describe it on their site, they became aware of a concern that a doctor with admitting privileges, Dr. Paul Hoffman, may have accessed a number of patients’ records without a valid clinical need.

“Dr. Hoffman is not an employee of Asante but had access to Asante’s electronic health record system in order to treat his patients when they are seen at Asante facilities,” their notice explains.

Asante’s investigation, which took place between December 20, 2022 and February 14, 2023,  found a number of his accesses between June 12, 2014 and January 3, 2023 did not appear to have a valid reason.

The patient information accessed included patients’ names, as well as demographic,  diagnostic, and treatment information. Dr. Hoffman reportedly did not have access to patients’ full social security numbers, driver’s license numbers, or payment card or bank account information.

Asante immediately terminated Dr. Hoffman’s access to its EHR system and indicated that they were referring his conduct to the Oregon Medical Board.

Perhaps anticipating some questions about why this wasn’t detected earlier, Asante’s notice includes a statement that they utilize electronic auditing systems that review every user’s access to its electronic health record system and attempts to identify cases of inappropriate access.

“In light of this incident, Asante is evaluating whether additional measures can be put in place to more quickly detect potentially inappropriate access to medical information by authorized users.”

While Asante believes that Dr. Hoffman accessed records out of curiosity rather than for fraudulent purposes, the incident is concerning as a violation of privacy. Asante has established a dedicated, toll-free call center is available for individuals to call with questions or concerns:
(866) 674-4359 Monday through Friday, 6 a.m. to 3:30 p.m. Pacific Standard Time.

This incident was reported to HHS as impacting 8,834 patients.

A search of the Oregon Medical Board license verification site conducted today does not yet indicate any pending investigation or new charges against Dr. Hoffman. Dr. Hoffman is listed as a General Surgery Specialist in Ashland, Oregon.  The Oregon board records reveals that in response to disciplinary action, Dr. Hoffman voluntarily agreed to stop performing colonoscopies in Oregon in 2009; a voluntary revocation that continues to this day.

Dr. Hoffman’s license to practice medicine in California was revoked by that state in 2011 for failure to respond to accusations stemming from the Oregon case.

Category: Health DataInsiderU.S.

Post navigation

← AT&T Notifying some wireless customers of vendor incident
Boonton Police Captain Allegedly Steals Computer Towers, Internal Affairs Records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.