19,000 Patients of Orlando Orthopaedic Center Affected by Transcription Service Provider Breach

The protected health information (PHI) of over 19,000 patients was exposed due to an error by a transcription service provider during a software upgrade on one of its servers. The health records of patients of Orlando Orthopaedic Center patients in Orlando, Florida were exposed throughout December 2017.

Protections were accidentally removed which allowed data on the server to be accessed over the Internet without the need for authentication. Orlando Orthopaedic Center became aware of the exposure of patients’ PHI in February 2018.

The discovery of the breach prompted a full investigation, which revealed names, dates of birth, insurance information, employer details, and treatment types were accessible. A limited number of patients also had their Social Security numbers exposed. Patients affected by the breach had received medical services at Orlando Orthopaedic Center prior to January 2018. It is not clear if any unauthorized persons accessed the PHI during the time when the server was left unprotected, although the healthcare provider has not been notified of any misuse of patient data.

Because data theft or unauthorized data access cannot be ruled out, Orlando Orthopaedic Center offered credit monitoring and identity theft protection services to all patients who had their Social Security number exposed. Patients have been advised to check their Explanation of Benefits statements and accounts for signs of misuse of of their PHI.

The transcription service vendor has corrected the problem and has secured its server and all PHI. Orlando Orthopaedic Center has also taken steps to ensure no further breaches are experienced, which include providing ongoing HIPAA compliance training for all staff and the implementation of additional security solutions to further protect the confidentiality of protected healoth information.

On July 20, 2018, Orlando Orthopaedic submitted its breach report to the Department of Health and Human Services’ Office for Civil Rights which indicates 19,101 patients were affected by the breach.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/