Irving Coppell Ear, Nose And Throat, dba ENT Partners of Texas has notified 789 patients of a HIPAA breach involving theft of their information.
In a press release posted on their web site, they write that on July 11, burlars broke through a locked metal exterior door and a locked interior office to where two laptops and a camera were stored. All three devices were stolen.
The laptops were password-protected, but the drives were not encrypted.
One laptop contained several hundred audiology tests. The data on the laptop containing the audiology tests was limited to the patient’s name, audiology test, and possibly date of birth. The data on the stolen computer did not contain the patient’s address, social security number, health insurance information, nor any other medical information. The second laptop contained approximately 20-30 CT scans for individual patients. The medical information contained on the second laptop included the patient’s name, date of birth and health care information related to the CT scan, but it did not include the patient’s address nor social security number. Last, the camera contained close-up digital photographs of some patient’s medical conditions. No other personal or medical information was included on the camera or in the images. Further, patient charts and medical information stored on ENT Partner’s secure server were not affected.
Law enforcement was immediately notified upon discovery of the burglary. The practice’s IT provider was notified of the breach and all passwords were changed.
We continue to monitor whether anyone has accessed the laptops, but we do not have the ability to remotely monitor whether the thieves have accessed the camera. If the laptops connect to the internet, our IT provider may be able to erase the data.
In response to the incident, the practice writes:
Also, we have taken steps to ensure this incident does not happen again to include staff training, changing our policies, and altering how patient data is stored and secured. We continue to monitor the situation.
While the office feels confident that the breach of information was limited, patients were advised that they might want to contact the three major credit bureaus to place fraud alerts on their accounts. They were also advised that they might want to obtain their credit reports, and were given information as to how to do both.
UPDATE: The following notice was posted in Dallas Morning News on October 8:
ENT PARTNERS OF TEXAS (LEGALLY KNOWN AS IRVING-COPPELL
ENT Partners of Texas (legally known as Irving-Coppell Ear, Nose and Throat) experienced a breach of protected patient health information (PHI) after its facility was broken into by thieves on July 11, 2014. The thieves stole two laptops and a camera. The laptops and camera contained PHI. However, the PHI that was stolen did not contain any patient’s address, social security number nor telephone number. Further, patient charts and medical information stored on ENT Partner’s secure server were not affected. Upon discovery of the break-in, law enforcement was notified immediately and a police report filed. ENT Partners’ IT provider was notified of the breach and all passwords were changed. ENT Partners continues to monitor the situation. ENT Partners has taken steps to ensure this incident does not happen again to include staff training, changing policies, and altering how patient data is stored and secured. Patient’s may consider calling the toll-free numbers of one of the three major credit bureaus to place a fraud alert on their credit report. The toll-free numbers are: Equifax at 1-800-525-6285; Experian at 1-888-EXPERIAN (397-3742); and TransUnion: 1-800-680-7289. Patients also may consider ordering a credit report. Please contact the following person for additional information: Shellaine Conant, ENT Partners of Texas, 400 West IH 635, Suite 360, Irving, Texas 7506; Toll Free: (855) 213-0577 extension 111, or visit the website at www.mytexasent.com.