Patient HIPAA Notification

January 25, 2021

Dear Patient:

We are posting this letter to our website as a part of our continuing commitment to your privacy. On 11-30-2020 we became aware that a small number of our patient’s private information may have been compromised, including name, address, social security number and medical records. The patients affected were last seen in our office between 2003-2004.

We believe the breach occurred on or about 11-20-2020 and involved the connection of an old, inactive company flash drive to an outside network which was later breached. The old company flash drive held 199 of inactive patient files which had not been completely deleted when the flash drive was put out of service.

We have taken steps to investigate this breach and prevent any potential harm to you (or your loved one), including hiring a qualified firm to conduct a security investigation to determine the nature and extent of the breach and whether or not it is likely the personal information was shared or disseminated to third parties. At this time our expert has not been able to determine if your information was actually accessed, shared or disseminated.

As a precaution, you may want to take additional steps to protect yourself (or your loved one) from harm, including registering a fraud alert with a credit bureau such as the ones listed below, and ordering your credit reports:

Experian: www.experian.com

TransUnion: www.transunion.com

Equifax: www.equifax.com

We sincerely apologize and regret that this situation has occurred. We are committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures in place to protect your privacy. We have made sure that old flash drives have been completely destroyed so that this breach will not occur again.

If you have any questions, please email our Office Administrator at moc.esaesidcigrella%40thgirw.mik.

Sincerely,

Allergic Disease and Asthma Center, P.A.