DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Asante Notifies More than 8,800 Patients Whose Records Appeared to Be Inappropriately Accessed by a Physician

Posted on March 9, 2023 by Dissent

Asante provides healthcare services in southern Oregon and northern California.

On February 28, it issued a notice about an insider-wrongdoing incident. As they describe it on their site, they became aware of a concern that a doctor with admitting privileges, Dr. Paul Hoffman, may have accessed a number of patients’ records without a valid clinical need.

“Dr. Hoffman is not an employee of Asante but had access to Asante’s electronic health record system in order to treat his patients when they are seen at Asante facilities,” their notice explains.

Asante’s investigation, which took place between December 20, 2022 and February 14, 2023,  found a number of his accesses between June 12, 2014 and January 3, 2023 did not appear to have a valid reason.

The patient information accessed included patients’ names, as well as demographic,  diagnostic, and treatment information. Dr. Hoffman reportedly did not have access to patients’ full social security numbers, driver’s license numbers, or payment card or bank account information.

Asante immediately terminated Dr. Hoffman’s access to its EHR system and indicated that they were referring his conduct to the Oregon Medical Board.

Perhaps anticipating some questions about why this wasn’t detected earlier, Asante’s notice includes a statement that they utilize electronic auditing systems that review every user’s access to its electronic health record system and attempts to identify cases of inappropriate access.

“In light of this incident, Asante is evaluating whether additional measures can be put in place to more quickly detect potentially inappropriate access to medical information by authorized users.”

While Asante believes that Dr. Hoffman accessed records out of curiosity rather than for fraudulent purposes, the incident is concerning as a violation of privacy. Asante has established a dedicated, toll-free call center is available for individuals to call with questions or concerns:
(866) 674-4359 Monday through Friday, 6 a.m. to 3:30 p.m. Pacific Standard Time.

This incident was reported to HHS as impacting 8,834 patients.

A search of the Oregon Medical Board license verification site conducted today does not yet indicate any pending investigation or new charges against Dr. Hoffman. Dr. Hoffman is listed as a General Surgery Specialist in Ashland, Oregon.  The Oregon board records reveals that in response to disciplinary action, Dr. Hoffman voluntarily agreed to stop performing colonoscopies in Oregon in 2009; a voluntary revocation that continues to this day.

Dr. Hoffman’s license to practice medicine in California was revoked by that state in 2011 for failure to respond to accusations stemming from the Oregon case.

Related posts:

  • OR: Asante Notifies Patients of Inappropriate File Access by Employee
  • The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.
  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Category: Health DataInsiderU.S.

Post navigation

← AT&T Notifying some wireless customers of vendor incident
Boonton Police Captain Allegedly Steals Computer Towers, Internal Affairs Records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.