Ex-Employees of Hair Free Forever and Muir Medical Group Violate HIPAA Privacy Rule

Former employees of Hair Free Forever and Muir Medical Group stole the protected health information (PHI) of patients and gave it to other employers. The covered organizations notified the patients of the data breaches.

Hair Free Forever provides permanent hair removal treatments in Ventura, CA. A former employee of the organization stole patient data and called the patients to solicit them as clients. Hair Free Forever uses thermolysis for hair removal, which is regarded as a medical treatment. Consequently, the company and its personnel must comply with HIPAA regulations.

Hair Free Forever informed the California attorney general about the data breach. The company’s officer, Cheryl Conway, likewise notified affected patients. The company only became aware of the data theft after receiving complaints from clients that the ex-employee was contacting them.

An investigation of the breach found that the data the ex-employee took included the patients’ names, contact information, birth dates, clinical histories, mental and physical test results, diagnoses, treatment information, physicians’ names, prescription drugs and intimate personal images. Hair Free Forever had taken action to protect the PHI of clients.

This breach has not yet appeared on the breach portal of the Department of Health and Human Services’ Office for Civil Rights (OCR), so there is no information on how many patients were affected. A complaint about this HIPAA violation was submitted to OCR.

A similar breach occurred at an independent physicians’ association located in Walnut Creek, CA. Muir Medical Group IPA publicized the breach at the end of May. The report posted on the OCR breach portal specifies that an ex-employee took the PHI of 5,484 patients to his new employer.

The breach was discovered on March 7. Muir Medical Group hired a third-party computer forensics company to investigate the incident. The former employee had taken the information of patients who were treated by Muir Medical Group from November 2013 to February 2017. The compromised data included names, telephone numbers, addresses, examination results, diagnoses, therapy information, prescription drugs and Social Security numbers. Muir Medical Group offered all affected patients credit monitoring services at no cost for 12 months.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA