HIPAA Security Incident Notification
On September 21, 2020, the Woolfson Eye Institute (“Woolfson”) learned that a laptop that was connected to testing equipment and storing a patient database was stolen earlier that day. The information stored in the patient database on the laptop included patient names and dates of birth only. The information on the laptop did not include any medical diagnoses, Social Security numbers, financial account numbers, drivers’ license numbers, or any other more sensitive identifiers or medical information. We sincerely apologize for this situation and any inconvenience it may cause you.
We investigated the incident and have been cooperating with local law enforcement. At this point, we have not received any information suggesting that your information has been used for an improper purpose. Nonetheless, we are sending this advisory to update you about the incident so that you can take appropriate steps to protect yourself and minimize the possibility of misuse of your information.
We recommend you remain vigilant and consider taking steps to protect your personal information. For example,
- Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
- Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize.
- Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.
We treat all sensitive patient information in a confidential manner and are proactive in the careful handling of such information. We will assess and modify our current privacy and data security policies and procedures to prevent similar situations from occurring in the future.
If you have any further questions, please contact our compliance officer at firstname.lastname@example.org.