A security breach involving patient information from some client files created in 2016 occurred early this summer.
If your file was created before January 1 of 2016, or after June 8 of 2016, your file was not affected.
However, if your file was created between January 1 and June 8 of 2016, it is likely that paper intake documents contained in your file were stolen. If you believe that your file may have been affected, but have not received verbal and/or written notification of the privacy breach, it is likely that our office does not have current contact information for you. Further information is available below--please feel free to contact our office at any time for more information, or to verify whether your file was impacted.
This document is to notify you of a recent break-in and burglary, which involved some of your file documents. Because session notes are stored digitally, in a secure database, and not in a hard-copy format, no records of therapy proceedings were affected; however, the intake and assessment documents, including personal contact information, which you submitted at your first therapy session were stolen. It is unlikely, but possible, that with sufficient computing skill, documents including treatment goals and letters to other clinicians might also have been recoverable from the laptops.
The burglary primarily targeted electronic items that offer easy resale value—computers and related equipment—and it is likely that your file documents were stolen accidentally, since they were contained in a locked case, which may have been perceived as containing a laptop or other valuables. Nevertheless, the possibility of your contact information being used for identity theft is a real one. One option for maintaining your privacy and financial security in this matter is to create a free account through a credit monitoring service (Credit Karma offers this service free of charge). Additionally, if you suspect that accounts have been opened in your name, and without your permission, it is important that you notify the Federal Trade Commission and, if you desire to press charges, the police. The FTC offers a website designed to assist you in resolving any concerns related to identity theft, which you can access at www.identitytheft.gov
Although HIPAA-compliant standards were followed in protecting your information, the nature of the burglary was such that locks and door fixtures were destroyed in the break-in. In order to more effectively protect client data in the future, I am transitioning to a predominantly digital format, receiving practice-specific encryption and digital security services, and maintaining back-up data in encrypted digital formats, as well, in order to prevent access, in the event of theft. Additionally, the burglary has been reported to the Wichita Police Department, and the breach of your healthcare information, to the United States Department of Health and Human Services.
If you have questions or concerns, I am available to address those by way of telephone, at 316-351-8083, or email, at firstname.lastname@example.org. Please feel free to contact me as needed, to clarify any aspect of this communication, or if you need help in responding effectively to this breach of your information.