Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Ankle + Foot Center of Tampa Bay, Inc.
Reported a breach of medical information involving at least 500 people to the U.S. Department of Health and Human Services, Office for Civil Rights; the report was received on January 3, 2011.
Report ID: FL006, U.S. Department of Health and Human Services, Office for Civil Rights
Reported Entity: Ankle + Foot Center of Tampa Bay, Inc.
Issue:
The covered entity's (CE) network server, containing the electronic protected health information (ePHI) of 136,000 patients, was hacked. The types of ePHI involved in the breach were demographic and clinical information, including diagnoses and other treatment data. Following the breach, the CE hired a third party vendor to resolve a data crash and to create a data back-up plan in order to restore office functioning. To implement adequate safeguards, the CE also employed a cloud service with increased security as the new network server. Additionally, the CE contacted the local FBI office to assist with the CE's internal investigation of the breach and provided breach notification to all affected individuals, the media, and HHS. As a result of OCR's investigation, the CE developed and implemented new protocols to comply with the Security Rule. In addition, the CE provided and initiated new trainings for its staff, completed hiring of a new network vendor, implemented a new electronic health records system, and accounted for the disclosures in the affected individuals' medical records.