PHI Stolen from Covered Entities in Corpus Christi and San Francisco


Patients of two HIPAA-covered entities have received notification letters stating that their protected health information (PHI) was compromised as a result of burglaries. The first breach occurred on April 16, 2018, and affected two Christus Spohn hospitals in Corpus Christi. A Christus Spohn employee was burgled, resulting in the theft of PHI that included patients’ names, schedule of service, birth dates, ages, health record numbers, account numbers and other medical information. Patients’ driver’s license numbers, Social Security numbers and other financial data were not included in the stolen information.

The patients whose PHI was compromised had previously received care at the Christus Spohn Health System’s Memorial or Shoreline hospitals. Fortunately, no reports of improper use of the patients’ PHI have been received so far. The breach affected approximately 1,800 patients. The hospital has already taken the actions needed to prevent a similar incident from happening again. The burgled employee underwent additional security training to make certain he fully understands how to protect patients’ PHI.

The second burglary took place in San Francisco at the Pacific Heights office of acupuncturist Denise M. Bowden on the last weekend of April 2018. The thief ransacked her office and stole a computer. The PC contained some patients’ PHI, including names, telephone numbers, addresses, diagnosis codes, treatment dates and health insurance information, but no financial data or Social Security numbers were stored on the computer.

The stolen computer was password protected, but the patient data was not encrypted, so it is still possible that unauthorized people could access the patients’ information. Currently, no reports have been submitted indicating that protected health information was accessed or misused. Ms. Bowden only learned about the theft on April 30, 2018. She alerted her patients by mail about their compromised PHI on June 11, 2018.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches.