News Feature | September 16, 2016

Vendor At Center Of Potential Healthcare Data Breach

By Megan Williams, contributing writer

Healthcare Data Breach

Vendor is likely to blame for yet another recent potential exposure of healthcare data.

Legislation and regulation over the last few years has expanded to include business associates, and with good reason. As healthcare data is handled by an increasing number of parties, the responsibility for patients’ informational well-being can no longer rest only on the shoulder of providers and payors. A recent potential breach is a reminder of that.

According to HealthIT Security, CHI Franciscan Health Highline Medical Center is in the process of notifying patients their information might have been breached as a result of their relationship with vendor R-C Healthcare Management. The vendor had worked with the medical center before it was acquired by CHI 2 years ago.

Highline was alerted on July 22 of this year that patient information between 1993 and 1994 and from 2008 and 2013 was potentially impacted. The data was left vulnerable from April 21, 2016 to June 13 of the same year when the files were secured.

Highline’s Response
Highline has issued an online statement in response to the breach, writing, “CHI Franciscan Health Highline Medical Center is committed to protecting the privacy and security of our patients’ information. We have no knowledge that the information has been accessed, viewed, acquired, or otherwise compromised by any unauthorized third party. However, out of an abundance of caution, we mailed letters to affected patients on August 31, 2016.”

The affected files might have contained patient names, dates of service, and insurance information, as well as social security numbers. According to the OCR data breach reporting tool, 18,399 individuals were affected by the incident.

It has also been reported by Bon Secours Health System, Inc. of South Carolina that some of its patients might have been similarly affected because of their relationship with R-C Healthcare. That breach might have impacted as many as 665,000 patients and was discovered on June 14, 2016. The information was exposed when R-C Healthcare Management was adjusting its network settings between April 18 and April 21, 2016.

Bon Secours also saw no indication that patient information had been misused.