Missing Paper Records Discovered in Illinois Physicians Network Storage Facility

Paper Records

Several data breaches reported in the last few months involved lost or stolen physical records. To be exact, 5 and 7 HIPAA-covered entities reported breaches involving paper records in October and November, respectively. Last December, there’s another report of data breach involving physical records in Illinois. Payment records of Franciscan Physician Network of Illinois and Specialty Physicians of Illinois LLC kept in the storage facility in Chicago Heights were missing.

This incident of missing paper records is one of the largest data breaches in recent months. The potential number of patients impacted is 22,000. Boxes of files containing payment records from 2010 and 2015 to 2017 were discovered missing on November 21, 2017. The covered entity issued notifications of data breach on December 13, 2017.

The lost files were discovered missing during a routine records request. Because the files cannot be found, an inventory was conducted. That’s when it was confirmed that 40 boxes of files were missing and most likely stolen. No foul play is suspected.

The records contained patient information such as names, addresses, methods of payment, payment amounts, location of office and credit card numbers (last four digits only). For patients that paid by check, the records also included information such as the bank account number, routing number, and Social Security number. Record files from the year 2010 may also have some information on insurance ID numbers, dates of birth, account numbers, type of visit, provider name and address, procedure codes, diagnoses, description of services and dates of service. As a precautionary response, the provider offered free identity theft protection services to all patients impacted by the breach for two years.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/