Theft of Patient Schedules Results in Potential Exposure of PHI of 3,472 Anesthesia Associates of Kansas City Patients

Paperwork containing information on patients has been stolen from an Anesthesia Associates of Kansas City employee’s vehicle on December 14, 2018. The employee left a bag in his car that contained patient schedules that included names, dates of birth, types of surgical operations, surgery dates, and surgeons’ names. Highly sensitive information such as insurance details, Social Security numbers and financial data were not detailed in the stolen schedules so the risk of identity theft is low. Law enforcement was notified about the theft but the paperwork has not been recovered.

Anesthesia Associates of Kansas City found out about the theft on December 16, 2018 and launched an investigation determine which schedules had been stolen and which patients had had their protected health information exposed. There is no way to know with absolute certainty which patient schedules were in the stolen bag. Therefore, Anesthesia Associates decided to send breach notification letters to every patient who undergone surgery from April 4, 2018 to December 14, 2018. Breach notification letters were sent by mail on February 1, 2019. All patients affected by the breach were advised to be alert for fraudulent activity.

Anesthesia Associates submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights, which indicates 3,472 patients’ PHI may have been exposed.

Anesthesia Associates of Kansas City has strengthened its policies covering the removal of patient data from its clinics. The clinic has also developed new policies and procedures covering information that needs to be taken off site and additional security controls have now been implemented to prevent further exposures of patient information.