Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
November 2, 2018
Company: Summit Medical Group
Location: , New Jersey
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
525

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
August 23, 2016
Company: Summit Medical Group, In. dba St. Elizabeth Physicians
Location: Independence, Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
674

As reported by Health and Human Services unauthorized access/disclosure. No specific information as to what information was compromised as provided by health and human services.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
August 23, 2016
Company: Summit Medical Group, Inc. dba St. Elizabeth Physicians
Location: , Kentucky
Type of breach:
DISC
Type of organization:
MED
Records Breached:
674

The covered entity (CE), Summit Medical Group, Inc. dba St. Elizabeth Physicians, discovered that an employee at its Weight Management Center (WMC) sent an email on July 12, 2016, notifying recipients of an upcoming vitamin presentation, but inadvertently failed to blind copy the recipients. Recipients were able to see all other recipients’ email addresses. The email was sent to 811 addresses, but because some were undeliverable and some belonged to the CE’s employees, the CE calculated the number of individuals affected as 674. On August 23, 2016, the CE provided breach notification to HHS, affected individuals, and the media. In response to the breach and as a result of OCR’s investigation, the CE reviewed and adjusted its emailing procedures, sanctioned the WMC employee, and provided training to its leadership and the WMC workforce. Additionally, the employee who sent the email started a multi-session individual training program. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
September 28, 2011
Company: Summit Medical Group, Emory Family Practice, Fountain City Family Physicians, Office of Dr. Kenneth Reese
Location: Knoxville, Tennessee
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
750

The September 4 theft of documents from an employee's car resulted in the exposure of patient names and diagnoses.  The car was parked at the employee's home.  Summit Medical Group account numbers, dates of birth, primary physician's names, names of hospitals, and dates of discharges were exposed.

Information Source:
PHIPrivacy.net
Date Made Public:
September 28, 2011
Company: Summit Medical Group, PLLC
Location: , Tennessee
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
731

On September 4, 2011, a Summit Medical Group (SMG) employee’s car was burglarized, resulting in the theft of paper reports containing the protected health information (PHI) of approximately 731 of the covered entity’s (CE) patients. The PHI involved in the breach included account numbers, patients’ names, physicians’ names, names of hospitals, dates of discharge, dates of birth, names of insurance providers, and discharge diagnoses. The CE provided breach notification to HHS, the media, and affected individuals. It also offered credit monitoring services and created a customer service center to handle questions. Following the breach, the CE initiated an internal investigation, filed a police report, notified the affected physician sites of the breach, conducted a risk assessment, and adopted additional identification verification measures for affected individuals. As a result of OCR’s investigation, the CE updated its HIPAA policies and procedures and improved safeguards by encrypting laptop computers.

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV