April 26th, 2013 - Patient Privacy Notice

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.hopehospice.net/news/

Through a routine internal compliance audit on February 25, 2013, Hope
Hospice discovered a potential security breach after finding an
employee had emailed a report of recent referral and admission
activity to themselves via an unsecured channel on December 27, 2012
and February 22, 2013. The information included in the report was
limited to 818 patient names, referral source, referral and admission
date, name of insurance company, chart number, county and date of
discharge. The information did not include other sensitive personal
identification such as social security numbers, dates of birth or
addresses. Due to the number of affected individuals and the agency’s
policy against using unsecured channels for communicating patient
information, each patient or their next of kin is being notified of
the occurrence.

The information was secured February 28, 2013 and the Agency does not
believe the type of information included presents a risk of financial
harm. However,  affected individuals are encouraged to contact their
financial institutions as well as any one of the three major credit
bureaus to place a fraud alert on their account.

In response to this incident, all staff members have received
additional training, and the agency is performing a comprehensive
review to further refine its policies and procedures related to
patient privacy and security. Steps are also underway to further
improve the security of the agency’s operations.

The agency has a toll-free number to call us with questions and
concerns about your personal information.  You may call Debra
Houser-Bruchmiller, CEO at 800-499-7501 from 8 AM to 5 PM, Monday
through Friday with any questions. In addition, patients may visit the
agency’s website at www.hopehospice.net for further information and
links to web sites that offer information on what to do if your
personal information has been compromised.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.