Dr. Olartino Dyoco Data Breach (2015)

As often discussed on this site, health data breaches can stem from numerous areas. Covered entities and their business associates need to ensure they have a comprehensive data security plan, and are able to implement the necessary physical, administrative, and technical safeguards. However, accidents still happen, which is what two facilities are currently experiencing. An office burglary and a case of improper disposal show how health data security approaches often need to be adjusted, to ensure that the same type of incident does not happen again. Calif. physician notifies patients after office break-in Dr. Olartino Dyoco sent data breach notification letters to patients after certain information was potentially exposed following an office break-in. Dyoco noticed on June 2, 2015, that his office had been burglarized, according to a copy of the breach notification letter. Several computers were stolen, Dyoco reported, containing information such as patient names, dates of birth, telephone numbers, insurance numbers, treatment codes, and billing information. "The circumstances that resulted in this breach were unforeseeable, and Dr. Dyoco assures you that he has heightened procedures and safeguards to prevent a recurrence of this situation," stated the letter, which was dated July 13, 2015. "He added levels of encryption to his computer systems, and advised his staff with regard to security training anything to avoid this situation in the future." The incident was reported to the Fresno, California police department, and if individuals have questions they are encouraged to contact the medical office's attorney. The data breach notification letter did not specify how many patients were potentially affected, or if there was some type of encryption on the stolen laptops. However, the letter did say that patients' "security, confidentiality, integrity and privacy of patient personal information are highly valued by Dr. Dyoco."