Harrington Physician Services, Inc. (“HPS”) as a Covered Entity is subject to the breach notification rules of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). HIPAA requires that HPS provide notice to a prominent media outlet in its state or jurisdiction if it discovers a breach of electronic protected health information affecting 500 or more individuals who reside in that state or jurisdiction. HPS believes that such a breach occurred, and is thus issuing the following information for public release.
A mailing list containing patient’s names, age, address, date of birth, primary care physician name and last office visit date was accidentally uploaded to a network file location on our information system that was not intended for secure patient information storage and that location could have been accessed by parties outside of Harrington
Importantly, Social Security Numbers, health information, other sensitive information was not included on this mailing list, and has not been compromised as a result of this incident.
We have no evidence that any information was accessed by any unauthorized parties and we believe there is minimal risk of financial, reputational or other harm to the affected individuals due to the short period of time that this information was available and the technical knowledge that would have been needed to access that network file location.
Because of this possible data breach incident, HPS has provided information to affected individuals about credit protection and monitoring.
HPS performed a risk assessment and safeguards have been implemented within the organization to avoid reoccurrence of this type of incident. Additionally, HPS will be reporting this incident to the United States Department of Health and Human Services, Office of Civil Rights.