Health records belonging to patients were stolen in a break-in at a suburban medical billing company.
Patients are now being notified about the security breech (sic).
Police tell ABC7 the records were on a portable hard drive and stolen from the Westmont office of Millennium Medical Management Resources.
It happened back in February.
The company handles billing for emergency healthcare physicians. Letters are being sent to EHP patients indicate people who were treated between 2003 and 2006 may be affected by the theft.
Read more on ABC.
Additional information on this breach from my companion site, PHIprivacy.net:
This incident was reported to NYS on April 29 and mentioned in an earlier blog entry on PHIprivacy.net. It has just been listed on on OCR’s web site, where their report to OCR indicates that 180,111 individuals may be affected.
A commenter on PHIprivacy.net describes the breach notification from MilleniumEHP:
According to the letter: “Millenium believes the hard drive contained personally identifiable information about EHP patients including name, address, phone, DOB, and SSN, and in some cases other information such as diagnosis, procedure (and/or codes), medical record #, acct #, DL #, and health insurance info.” It was NOT encrypted.
A few commenters on PHIprivacy.net also note that the firm did not offer them any free credit monitoring services, and that the only information they have for EHP is a phone number. They are also unhappy that the breach happened in February and that they are first being notified.
For additional updates, see PHIprivacy.net.