A box containing confidential client health information disappeared from an office at KidsPeace’s Schnecksville facility, but the agency says it believes the records were not “inappropriately” removed or accessed.
It was unclear from a written statement released Tuesday whether the records — which include names, birth dates, medical record reference numbers, patient account numbers and service dates — may have been lost or accidentally destroyed.
Despite a lengthy investigation, “It’s just not something we can really speculate as to what actually took place,” spokesman Robert Martin said.
The possible data breach affects an undisclosed number of clients who received treatment between 2001 and 2004. Martin said that the records were reference documents to show that clients’ medical records had been properly destroyed under the agency’s document retention and destruction policies. They contained no medical records, he added.
The 134-year-old agency for children, which began as an orphanage in Bethlehem, provides psychiatric services, crisis intervention and fostering programs. The records were being entered into a computer tracking system and disappeared sometime after the close of business July 29, a Friday.
The loss was discovered Aug. 1 and the agency began an internal investigation, interviewing employees and custodial staff who had access to the office.
The investigation “verified that no unauthorized individuals accessed the medical records office between July 29, 2016, and Aug. 1, 2016,” the statement said.
In addition, “KidsPeace has no information indicating that any protected health information has been accessed or used by any unauthorized individuals.”
Martin would not say whether affected clients would receive identity protection services, or whether law enforcement might be called in the event of identity thefts tied to the lost records.
The agency changed the locks on the office and added other security restrictions. It also reviewed policies and procedures relating to protected information, “including those policies designed to prevent inadvertent disclosures of protected health information and those related to the secure storage and disposal of protected health information,” the statement said.
A toll-free phone line has been set up in response to the possible breach. Questions or concerns should be directed to Cliff Aulisio, KidsPeace HIPAA privacy officer, at (877) 228-3867.
Find the Original Story Here