Patients at Life Care Center of Attleboro between 1992 and 2004, in 2006, or in 2011, may have been affected by a breach involving paper records. The breach involved storage vendor Iron Mountain, who was unable to locate the records during a limited audit. Although neither Iron Mountain nor Life Care Center of Attleboro seem to suspect data theft in this case, the center notified all those affected, as required by HIPAA and HITECH.
The stored patients’ records included patient name, address, Social Security Number, date of birth, diagnosis, and other medical status and assessment information as well as financial information gathered in the patient’s medical and financial records during his/her stay at Attleboro.
An FAQ on the breach for patients is available here (pdf). The incident was reported to HHS as affecting 2,473. Oddly, the center does not seem to have reported the incident as involving a business associate, although it seems clear that this was a vendor/business associate incident.
People who were employed at Life Care Center of Attleboro anytime between 1992 and 1999 may also be impacted. An FAQ for employees is available here (pdf).
Both former patients and employees were offered a complimentary membership in Experian ProtectMyID.