November 21, 2017

NOTICE: Possible Unauthorized Access of Patient Information in Heard County

(Franklin) — The Heard County EMA (the Ambulance Agency) just received notice from Advanced Data Processing, Inc. (the Company), which handles billing for the Ambulance Agency, that certain patient records connected with the Ambulance Agency may have been improperly accessed.

Accessed account information may have included name, date of birth, Social Security number and record identifier, but no medical information was accessed.  Neither Heard EMA nor any other department of Heard County had any involvement with this data breach other than having a contract with the Company to process ambulance billing claims.

On August 11, 2014, the Company learned from the Internal Revenue Service that certain patient records connected with the Ambulance Agency may have been improperly accessed.

By way of background, the Company was originally notified by law enforcement in Tampa, Florida in October 2012 that a now-former employee of the Company illegally accessed and disclosed certain patient account information in connection with a scheme to file false federal tax returns.

When the Company first learned of this incident the Company had no reason to believe that any account information of the Ambulance Agency had been accessed. The employee was apprehended by authorities, immediately terminated by the Company, pleaded guilty to charges brought against her, and has since been sentenced.

Based on the additional information that was recently provided to the Company by the IRS, however, the Company and the Ambulance Agency have now learned that account information of some Ambulance Agency patients may have been among the information that was accessed by the former employee.

Although it is not known whether any of such information was actually misused, this cannot be ruled out and the Company and the Ambulance Agency are providing notice out of an abundance of caution.

The Company long ago implemented a compliance program that includes initial and annual compliance training, background checks on new hires, and privacy and security measures designed to meet the standards of the HIPAA HITECH Act.

To further minimize the risk of future data breaches, the Company has made its employees aware of this incident, the Company’s systematic ability to catch them should they violate the trust placed in them, and the severe consequences to those who are caught.

The Company has also reminded its employees of the importance of maintaining the security and confidentiality of sensitive personal data.

Individuals who believe they may be affected by this incident are advised to remain vigilant for incidents of fraud and identify theft by reviewing credit card account statements and monitoring their credit report for unauthorized activity.

Free credit reports are available from any one of the national consumer reporting agencies, Equifax, Experian or TransUnion and from independent credit report providers. A number of companies also offer free credit monitoring services.

Individuals should report any suspected identity theft to law enforcement, their state Attorney General, and the Federal Trade Commission (FTC). The credit bureaus and FTC can also provide information about fraud alerts and security freezes and state attorneys general and the FTC can provide additional information about avoiding identity theft.

In some states affected individuals also have a right to obtain a police report if they are a victim of identity theft. The Company has posted information about the purpose, procedures and costs for security freezes as well as contact information for the credit bureaus, the FTC and certain state attorneys general at www.myidcare.com/intersecurity.

Patients with general questions regarding this incident can also visit www.myidcare.com/intersecurity or call 1-877-866-0631 Monday through Friday Monday, 9 a.m. to 9 p.m. Eastern, toll free, to obtain more information.

Leave a Reply

%d bloggers like this: