Search Results : texas »

Mar 022014

Ann Smajstrla of The Herald Democrat reports that Dr. J. M. Benson, whose practice is in Sherman Texas, has been notifying patients of a breach that occurred at the beginning of the year.

Office staff noticed on Jan. 5 that the office had been broken into, and that computers and one or more hard drives were stolen, the office said in a written statement. As a result, personal information of patients including names, addresses, phone numbers, Social Security numbers and health insurance provider policy numbers could have been compromised. Benson immediately reported the incident to police, and the investigation is ongoing.

Read more on The Herald Democrat. I cannot find any web site for the doctor or additional information at this time. And since there’s nothing in the media report to suggest the data were encrypted,  I am wondering why the doctor seemingly had “computers and one or more hard drives” without encryption. 


Jan 162014

Miles Moffeit reports:

A federal grand jury has handed down additional charges against Dr. Tariq Mahmood, whose rural hospital chain collapsed last year amid reports of reckless care and alleged fraud.

The Dallas businessman now faces seven counts of aggravated identity theft, according to papers filed in U.S.district court in Tyler.

Those come on top of eight counts of healthcare billing fraud brought last year. Mahmood has pleaded not guilty to both sets of charges.

The new indictment doesn’t provide details of the alleged theft. It only says “Mahmood, aided and abetted by others both known and unknown to the grand jury” unlawfully used the names of Medicare beneficiaries in a conspiracy to commit health care fraud.

Read more on Dallas News.

Dec 232013

Lynn Sessions and Cory J. Fox of Baker Hostetler write:

The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security framework in the U.S. healthcare industry, to form the basis of the Texas Covered Entity Privacy and Security Certification Program, setting the stage for Texas to become the first state in the nation to implement a formal certification program that incorporates state and federal privacy and security regulations, including HIPAA and the Texas Medical Records Privacy Act (TMRPA).

Read more on Lexology.

Dec 162013

One of the breaches newly revealed on HHS’s public breach list involves Greater Dallas Orthopaedics, PLLC in Texas, who reported that 5,840 patients had PHI on a desktop stolen on August 30.

Although I couldn’t find any statement about the breach on their web site at this time (I wish it wouldn’t take HHS so long to post breaches!), I was able to track down a cached copy of a media notice that appeared in: The Dallas Morning News on Wednesday, 10/30/2013:


If you have been a patient of Allaaddin Mollabashy, M.D., Nathan F. Gilbert, M.D. and/or Greater Dallas Orthopaedics, PLLC in Dallas, Texas, you are hereby notified that a privacy breach of personal health information may have occurred when two computers were stolen during a break-in on or about September 1, 2013. The files stored on the computers’ desktop contained dictated letters (auditory only) with names and medical information only; thus, there is no risk for identity theft. Also, these files were password protected; that is, any person authorized to use the computer had a sign-in name/password ID. However, if for any reason you become aware of harm to identity or reputation that may be related to this incident please contact our professional privacy team at 1-800-331-6844 Mon-Fri between 8:30am and 6:00pm or by email to

Oct 042013

CORRECTION:  In response to the original post, below, I received the following e-mail from Texas Health:

Good morning. Just an FYI that we did notify these patients within the 60-day timeframe. The problem is that in our efforts to keep the press release at the top of our news page and easy for people to find, we have to repost it – and it gets tagged with the current date. And every time we do that, it’s resent to people who are signed up for our news feed. That includes reporters. In addition to the ‘new’ date, we left the phrasing “announced today” in the copy. It should have read “July 2013.” So we’ll try to make that more clear in the future. Thanks for being such advocates for patient privacy. appreciates Texas Health’s clarification.

Original post:

Five months after discovery of breach, Texas Health Harris Methodist Hospital Fort Worth notifying patients

Remember that incident involving Texas Health Harris Methodist Hospital Fort Worth and their vendor Shred-It? The breach involving microfiche records of over 275,000 patients was disclosed in July. According to the hospital, the microfiche records may have included patient names, addresses, dates of birth, medical record numbers, clinical information, health insurance information, and in some instances Social Security numbers.

I was surprised to learn that Texas Health Harris Methodist Hospital Fort Worth is first sending out notification letters now.

Given that they first learned of a problem in May, will HHS find this delay in notification acceptable? It certainly exceeds the 60-day timeframe.