A cardiology practice recently discovered that early patient records stored in a basement locker had been stolen at some unknown time. Given that these were paper account ledgers, is there even a backup so that the practice will have the names and then-contact information of everyone who should be notified? Their media notice does not state that individual letters are being mailed, so it is not clear on that point.
The stolen records date back to patients seen between 2010-2011, and some readers may question why such old records were still even maintained and not just securely destroyed. In the healthcare sector, there are not only state laws about records preservation for time periods set by states, but there are also good reasons to retain early health/medical records for comparison later on in life as symptoms emerge or change. But this incident is a useful reminder to occasionally check on paper records if you have stored them outside of your office to ensure that they are still there and stored securely.
Dr. Marilao’s press notice begins:
RIVERSIDE, Calif., Nov. 11, 2022 /PRNewswire/ — Hilario Marilao, M.D. recently became aware of a data breach incident involving a break-in of a locked storage cabinet in the locked basement of the office building. We first discovered missing documents on September 6, 2022, following a minor flood in the basement. We immediately investigated and determined that account ledgers had been stolen. We have narrowed the exposure to personal information belonging to some parents of patients seen by Dr. Marilao between 2010 to 2011. If your last name begins with the letter A through M, and you or your child were insured under any line of Medi-Cal or an HMO plan, the stolen ledgers may have contained personal data belonging to you. This data may have included personally identifiable information with some combination of your name, address, phone number, Social Security Number, health insurance information, your child’s name, date of service and/or your child’s date of birth.
Read their full notice at PR Newswire.