The breach of patients' personal health information (PHI) from the healthcare organization's billing system began in November 2011 and continued thru June 2012. But patients were not notified until July 9, 2014 because the medical practice learned of the breach from law enforcement in May 2014.
"A former employee who worked for us during 2011 and 2012 is now the subject of a law enforcement investigation relating to personal health information that the former employee is alleged to have stolen and used for fraudulent activities,."This is another case where law enforcement, rather than the organization holding the PHI, discovers the identity theft or PHI breach. Organizations seeking to proactively detect identity thefts and data breaches, thus preventing or limiting the number of victims, can utilize SaaS analytics services.
- Healthcare provider spokesperson
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Western Regional Center For Brain And Spine Surgery employee stole patient information for fraudulent activities - www.PHIprivacy.net, 08/05/2014