Impostor and Burglar Obtained the PHI of Patients

HIPAA Records

Blue Cross Blue Shield of Illinois has discovered the the protected health information (PHI) of a number of plan members has been disclosed to a physician who was impersonating another doctor. The doctor was hired by Dane Street, Blue Cross Blue Shield’s business associate. He conducted peer to peer reviews on behalf of the firm.

Law enforcement informed Dane Street on April 9, 2018 that the doctor was impersonating another doctor. By conducting the peer to peer reviews, the doctor was able to view information of patients including names, birth dates, addresses, phone numbers, Social Security numbers and medical service information.

Because the affected patients’ Social Security numbers were exposed, they have been offered free credit monitoring services for 12 months. Dane street terminated the doctor, who is now facing charges over the fraud. Dane Street has since started conducting stricter credential checks when hiring personnel to avoid any further incidents of this nature.

Quality Care Pharmacy in San Marcos, CA has issued breach notifications to about 3,000 patients informing them that their protected health information was obtained by thieves.  Professional thieves stole medications worth hundreds of thousands of dollars and a computer from the Quality Care Pharmacy in San Marcos strip mall. The stolen computer was unencrypted and contained protected health information. 10News reported that the thieves drilled the safe in order to steal its content. The thieves planned this attack and were able to circumvent all the security measures of the pharmacy.

Patients whose PHI was potentially exposed have now been notified. However, according to 10News, some patients had to wait nine weeks to be notified of the breach.