Seen on their web site:
On August 2, 2016, Harbin Clinic was notified by document storage facility Iron Mountain, Inc., that several boxes of medical records are unaccounted for and/or are missing or destroyed from their Atlanta facility. Harbin Clinic engaged the data safety warehouse to maintain the privacy of our patients’ records, as Iron Mountain is well regarded in the data storage industry, housing billions of information assets.
There are 498 total medical records missing which included cardiovascular medicine and obstetrics and gynecology patients. These patient visits occurred prior to 2002. The information in these records may have included name, dates of birth, address, diagnosis, social security number and insurance information.
If you feel you were affected by this breach or have additional questions, please feel free to call this toll-free number, 1-844-744-0582, and leave a message with your name, date of birth and contact number so that we can confirm your information and return your call promptly. Harbin Clinic also recommends patients to review the information on identity theft on the FTC website at https://www.consumer.ftc.gov/topics/identity-theft.
Harbin Clinic is committed to patient confidentiality and adheres to all federal and state privacy laws. In order to protect our patient’s rights and private information, we enforce strict rules for those who handle patient information and we regularly educate all employees on privacy regulations. Though we had contracted with an internationally-acclaimed data warehouse as our partner in keeping records safe, once we were informed of the loss we took immediate steps to assist our patients in learning about and managing any privacy concerns.
The safety and security of all Harbin Clinic patients is a top priority. Any allegation about a breach insecurity and privacy is taken seriously.
Lori Custer, JD, CHC
CHIEF COMPLIANCE AND PRIVACY OFFICER
Because 498 is below the magic number of 500, this incident will not appear on HHS’s public breach tool.
This is the second breach of this kind involving Iron Mountain reported in the past few months. On June 22, DataBreaches.net reported that the Texas Health & Human Services Commission was notifying 600 patients after Iron Mountain was unable to locate boxes with patient records from two Texas facilities.