Chautauqua Center (TCC) in New York disclosed a HIPAA breach by a business associate. The business associate’s error resulted in the protected health information of 747 physical and occupational therapy patients becoming accessible to other covered entities

Created with Sketch.

Chautauqua Center (TCC) in New York disclosed a HIPAA breach by a business associate. The business associate’s error resulted in the protected health information of 747 physical and occupational therapy patients becoming accessible to other covered entities

According to their victim notification letter, the breach occurred on December 22 at WebPT which provides electronic medical record (EMR) services for Chautauqua Physical and Occupational Therapy.

In a letter sent to TCC dated January 13, WebPT explained that the error occurred during an upgrade. In response, WebPT disabled access within 19 hours of the disclosure, changed their processes by the time the releases were published, trained staff and requested statements from the clinics that may have accessed the data to confirm there was no use or disclosure of the protected health information.

The types of information disclosed at the event included the case name and creation date, initial evaluation clinic notes, last seen date and referral date, patient name, primary insurance provider, primary care clinic, referring physician and/or group of physicians, initial diagnosis and related cause information, insurance information secondary, and the total number of visits for the case.

In addition to notifying patients and regulators, TCC’s Chautauqua Physical and Occupational Therapy responded to the incident by discontinuing the use of WebPT and switching EMR vendors to Athenahealth’s (athenaOne) EMR program.

https://www.databreaches.net/the-chautauqua-center-notifies-patients-of-breach-changes-emr-provider/

    © 2023 Cybecs

    Skip to content