Anesthesia Associates of Kansas City has announced that surgery schedules containing patient information were stolen from one of their employee’s vehicles last December.
The employee, an AAKC nurse, left a bag containing patient schedules in his vehicle on December 14, 2018. Thieves broke into the vehicle and stole the bag. The nurse reported the incident to AAKC on December 16, 2018. The organisation launched an investigation to determine what paperwork had been stolen, which patients were affected, and if the information could be used for nefarious purposes.
AAKC stated that only a few surgery schedules were in the bag at the time of the theft. However, they were unable to determine which precisely which patients were affected by the breach. In an abundance of caution, breach notification letters to all patients who had undergone surgical treatment between April 4, 2018, and December 14, 2018. The breach notification letters, which are a requirement of HIPAA’s Breach Notification Rule, were sent on February 1, 2019.
The patient schedules included information such as includes names, birth dates, types of surgical procedures, dates of surgery, and the name of the surgeon. No sensitive data, such as addresses, Social Security numbers, insurance information or financial information was affected by the breach.
The nurse reported the theft to local law enforcement, but officials were unable to recover the bag nor the paperwork.
AAKC recommends all affected patients to monitor their accounts for any suspicious activity. Patients should notify the relevant authorities if there any sign of fraudulent activity.
The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates that up to 3,472 patients’ protected health information may have been compromised.
In the breach notification statement posted on their website, AAKC stated: “We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we have reinforced our policy prohibiting the non-essential removal of patient information from the facility and implemented new requirements designed to safeguard patient data if there is a necessary reason to take information out of the facility.”
Anesthesia Associates of Kansas City, P.C., is the largest anesthesiology practice in the greater Kansas City region and among the largest groups in the U.S. AAKC provides services such as perioperative care, anesthesia, pain management, critical care, administrative and medical consultancy.