Friday, September 17, 2010

Privacy breach of patient records


For Immediate Release                                       



Contact:        Steve Whitmore                                           Michael Wilson

Sheriff’s Department                                  Health Services Dept.

P: 323-573-2387                                         P: 213-240-8059



Media Notification: Privacy Breach


LOS ANGELES, Calif. (September 17, 2010) -- The Los Angeles County Department of Health Services (DHS) and the Los Angeles County Sheriff’s Department (LASD) announces a privacy breach comprising more than 33,000 patient records housed at the Martin Luther King, Jr. Multi-Service Ambulatory Care Center (MLK MACC) in South Los Angeles, and the arrest of a suspect charged with one count of felony commercial burglary.

The MLK-MACC discovered the files missing on July 29, 2010, and immediately launched a search of the MLK-MACC campus for the files, and commenced an investigation.  The files were stored in a secured and locked location at the facility.  The investigation included interviews of employees who had access to the location, including custodians who may have mistakenly sent the files for destruction.  One such employee confessed that he had personally taken the files to a recycling company for its paper value.  At that time, MLK-MACC referred the matter to the Sheriff who conducted a law enforcement investigation. 

The boxes contained the following demographic information:  name, address, date of birth, medical record number, finance batch number, and gender of patients who received care at the outpatient facility from January through October, 2008.   No specific medical, financial, or social security information was included on the documents.

In the Sheriff’s investigation, the suspect admitted to the theft of records for the sole purpose of recycling the content of the boxes for monetary gain.  There is no indication that the information was stolen for the purpose of identity theft. 

Based on mandatory privacy statutes, individuals impacted by the breach will be notified by the facility by First Class Mail the week of September 20, 2010.  The notification will include detailed information on steps impacted individuals should take to protect themselves from potential harm.  In response to the incident, the department has implemented enhanced security measures and will be conducting patient privacy retraining.

“We take patient privacy in this department very seriously," said DHS chief of operations Carol Meyer.  “Despite measures previously employed by our facilities

to secure protected information, this unforeseen event occurred.  In the wake of

this unfortunate incident, we are redoubling our security measures to ensure the safety and integrity of patient information.”

To address the concerns of those potentially impacted by the breach, DHS will post additional information, including the detailed steps that individuals can take to protect themselves from any potential harm resulting from this breach, on its website at on September 21.  Individuals can also call 877-418-6381 toll-free after September 21 to see if they have been impacted.






No comments: