American Family Care recently notified HHS of a breach affecting 7,200 patients. The breach was coded as “Unauthorized Access/Disclosure Electronic Medical Record,” with the location coded as “Other.”
Pretty confusing, right?
Here’s their statement that explains it:
(Birmingham, AL – July 29, 2016) At American Family Care (AFC) we are committed to maintaining the privacy and security of patients’ personal information. Despite that commitment, an issue was recently discovered that led to the unintentional release of protected health information (“PHI”). The issue involved x-ray CDs that were provided to patients at AFC’s Alabaster, Flintridge, and Wetumpka, Alabama clinics, and Smyrna, Tennessee clinic, between the dates of August 26, 2015, through June 14, 2016. Due to an error in the design and installation of third-party software, discs were released containing the following PHI: patient name; date of birth, patient gender, and patient identification number. However, information such as social security numbers, driver’s license numbers, financial data, and home addresses were not included on the CDs.
After conducting a thorough internal investigation AFC is confident the issue involving the third-party software has been resolved. Furthermore, additional steps have been taken to ensure incidents like this do not happen again. Notifications have been sent out to the appropriate patients. If any patients have questions, they may contact AFC at 1-800-258-7535 ext. 2588, or by email at [email protected]
About American Family Care:
Starting with a single location in 1982, AFC has become the nation’s leading provider of urgent care, accessible primary care, and occupational medicine. AFC’s stated mission is to provide the best healthcare possible, in a kind and caring environment, while respecting the rights of all patients, in an economical manner, at times and locations convenient to the patient. For more information, visit www.americanfamilycare.com.