Lost or Stolen Records

What must the doctor do if patient records are lost or stolen?

Breach of health information security has both regulatory and financial liability consequences. Under federal privacy laws and rules, the loss or theft of records would be considered a breach of HIPAA. The doctor is required to:

  1. Advise all patients whose records were involved that their information was compromised;
  2. Advise the Department of Health and Human Services/Office of Civil Rights that the breach happened and the steps taken by the doctor to mitigate (such as credit monitoring) and prevent future occurrences; and
  3. Review all policies and procedures to make sure they are HIPAA compliant.

Details concerning these requirements may be found on the government’s website at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

In addition, HHS issued guidance in 2006 on remote/home access to HIPAA protected information. The link can be found at: https://www.hhs.gov/hipaa/for-professionals/security/index.html

With regard to potential monetary liability, some insurance policies cover a business owner for data breaches. The physician should notify his or her carrier immediately upon discovering the breach. Often, when the doctor has coverage for this type of occurrence, the insurance company may help fund the patient notification process, as well as pay for the cost of credit monitoring.

About Author

ICS Staff

The Illinois Chiropractic Society staff works collaboratively on many topics to bring the most comprehensive and relevant information to our members. We have over 60 years of chiropractic experience and understand the heartbeat of the profession. We all look forward to providing relevant information to our members for years to come.
