Riverside Health System

An employee authorized to work from home failed to return paper records to the physician practice. Her ex-husband discovered the records and returned them to the physician practice. The breach included the protected health information (PHI) of 578 individuals. The PHI involved in the breach included demographic information, dates of birth, social security numbers, medical records numbers, and clinical information. Following the breach, the covered entity re-educated all employees. OCR reviewed the CE's risk analysis to ensure compliance with the HIPAA Privacy and Security Rules.
Location of breached information: Paper/Films
Business associate present: No