On January 9, Complete Wellness, a treatment center in Baltimore for those with mental health issues or substance abuse, posted a Warning of Potential Privacy Violation on their web site.
The warning described an incident in which an employee – without authorization – copied patient files to a flash drive, and the flash drive was then lost. The incident affected 600 patients of two of the center’s providers.
The employee was terminated and Complete Wellness has taken steps to prevent a recurrence of this type of problem. They have also reported the incident to HHS.
The following is their notification:
Complete Wellness is committed to patient privacy. We take patient privacy very seriously, and it is important to us that you are made fully aware of a potential privacy issue if you were a patient of Leslie Poff, CRNP or Durwood Whitten, PhD.
We have learned that the personal information you provided in you initial paperwork, including name, address, phone numbers, email address, birthdate, age, social security number, languages spoken, emergency contact, level of education, employer information, primary care physician, list of medications at admission, list of allergies, ethnicity, race, marital status, hurricane victim status, living situation, military service, arrest history, and hearing or vision difficulties, may have been compromised.
On November 28, 2016, it was discovered that an employee of Complete Wellness copied a large number of patient demographic files onto a flash drive without authorization. Since then, we have been unable to locate the flash drive. However, we have not received any indication that the information has been accessed or used by an unauthorized individual.
As a result of the incident described above, Complete Wellness has taken the following actions:
- Patient privacy training has been required for all administration and clinical staff members.
- Technology has been adopted that eliminates the need to “transport” records.
- Technology has been adopted to ensure proper encryption of all patient information.
- Policies and procedures have been updated to ensure the present situation does not arise again.
- Company leadership has been involved in several ongoing discussions to determine actions to address the current incident and to prevent future incidents.
- The employee involved in the incident has been terminated.
We are keenly aware of how important your personal information is to you. We strongly recommend that you contact the three credit bureaus listed below and place a “Fraud Alert” on your credit report. This service is provided free by the credit bureau agencies. For your protection you will need to verify your identity when you call.
Experian (Experian.com) (888) 397 3742
Equifax (Equifax.com) (888) 766-0008
TransUnion (TransUnion.com) (877) 322-8228
We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. Complete Wellness is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy. If you have any questions, please contact 410-575-3252.