The following is a press release:
NASHVILLE, Tenn.May 22, 2020– The Little Clinic (TLC) announced today that patients could have had their protected health information (PHI) accessed due to a failure in TLC’s online appointment functionality. The Little Clinic made the discovery internally and found if a patient made an appointment and modified that appointment online, certain patient data could have been accessible by third party domains. In the course of the investigation of this incident, it was determined that 10,974 patients were affected across several states. The PHI exposed is limited to the patient’s name, date of birth, phone number and address.
The issue began on October 7, 2018 and was discovered in February 2020. A correction to prevent this error from recurring was implemented on February 13, 2020. On April 7, 2020, after a full investigation, The Little Clinic determined that a breach had occurred.
The Little Clinic does not have data to prove that any PHI has been accessed or misused and has not received any complaints regarding PHI being exposed related to this issue. However, customers are encouraged to review statements they receive from their health plans and immediately alert their plan if they notice any service that they did not receive or order.
Letters will be sent to affected patients at the address The Little Clinic has on file. Patients may contact the company in writing at The Little Clinic’s HIPAA Privacy Office, 1014 Vine Street, Cincinnati, OH 45202.
About The Little Clinic:
The Little Clinic operates approximately 220 clinics in 9 states serving more than 1.5 million patients each year. Our team of nurse practitioners, dietitians and technicians – are committed to helping people live healthier lives. We believe in practicing at the top of our licenses and enabling “food as medicine” to help prevent disease before it starts. Learn more at www.thelittleclinic.com/.
Source: PRNewswire