HIPAA Patient Notice
LGRA announced the possibility of a Health Insurance Portability and Accountability Act (HIPAA) data breach due to a miscommunication between its billing company and janitorial provider. The medical facilities LGRA provides services to were not involved in this situation nor do they have any oversight or responsibility regarding the disposal of our billing records. The following letter describes the situation and was mailed to all potentially affected patients:
October 5, 2012
Re: Personal Health Information
The security and privacy of patient information is of utmost importance to Litton and Giddings Radiological Associates, P.C. (LGRA). Accordingly, we are writing to inform you of an incident involving some of that information.
Like many physician practices, LGRA employs a professional billing company to provide LGRA’s billing services. The billing company is required to comply with federal and state laws regarding patient record confidentiality. On August 10, 2012, LGRA learned from its billing company that the janitorial services vendor managed by the billing company’s landlord had inadvertently sent paper billing records to a Springfield recycling center without first shredding the records.
More specifically, on two occasions, July 31 and August 2, 2012, a janitor removed documents from the locked shred bin and placed them in a different but secured container with other recyclable materials. The secured container was transported to the recycling center where the items were sorted for recycling and, ultimately, completely destroyed. The recycling process is largely mechanized, but workers in the recycling facility do, at times, manually sort the materials.
The billing company cannot identify which patient documents were sent to the recycling facility or what type of information was contained in the documents, but suspects that the documents may have included names, addresses, dates of birth, diagnosis codes, and/or social security numbers for patients who had billing activity between July 23 and August 2.
Although we have no evidence whatsoever to indicate that any of your information has been accessed or misused, we are writing to notify you out of an abundance of caution and to assure you that we are taking this matter seriously. In response to this incident, we have required the billing company to ensure that its landlord and vendors are aware of the proper procedures for the destruction of confidential documents. Also, the billing company has confirmed that the janitorial staff no longer has access to the keys for the secured shred bin.
Even though we believe that there is only a remote possibility that any of your information was actually accessed, we recommend that you remain vigilant to the possibility of any misuse of your information. For example, you can closely monitor all of your account statements, explanation of benefits received from your insurer, and credit reports. Most credit bureaus will allow a certain number of free credit reports each year. The contact information for the three major credit bureaus is:
P.O. Box 740241, Atlanta, GA 30374
P.O. Box 2104, Allen, TX 75013
P.O. Box 2000, Chester, PA 19022
If you have any questions or would like additional information, please feel free to contact us at our patient hotline: 877-615-3742 or visit our website at www.lgrad.com. Please know that your privacy is very important to us and we apologize for any inconvenience this may have caused.
Jay Smith, CPA, MBA
Litton & Giddings Radiological Associates, P.C.
If you received a letter, you received services from a physician at LGRA and had recent billing activity. If you have questions or believe that you should have received a letter and did not, please call our patient contact hotline at 1-877-615-3742 to confirm that you have not potentially been affected.