Fort Worth medical clinic spends $15,000 notifying patients of theft

FORT WORTH -- In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients' personal information including Social Security numbers and birth dates had been stolen.

This week Fort Worth Allergy and Asthma Associates spent $15,000 mailing letters notifying the clinic's 25,000 patients of the burglary. The stolen computer database also contained patient's addresses and diagnoses, Dr. Robert Rogers said.

"In terms of sensitive clinical information that could be taken, we're an allergy clinic so I don't think there was anything embarrassing taken," he said. "It's bad enough that they did get identity information like Social Security numbers."

Since September, the Health Insurance Portability and Accountability Act has required that a data breach involving unsecured protected health information of more than 500 people must be reported to the federal government. Anyone who is affected and major news outlets must be informed of the data breach.

"The cost of doing the mailing is more than cost of replacing the equipment," Rogers said.

After the burglary, Rogers said he had no idea what kind of challenge his office would face notifying every patient.

"We had a backup of the database, so once we got the new computers in we had to re-establish the database, then create this enormous mailing list," he said.

After some researching they discovered they could outsource the task of addressing all the letters. And the clinic's business insurance covered it.

The clinic has not converted to an electronic medical record system and none of the patients' charts were taken in the June 29 burglary. But because the database was password-protected, there was a possibility that someone could circumvent the security, Rogers said.

As a precaution, patients were advised to notify one of the credit bureaus to place a fraud alert on their accounts.

None of the stolen property has been recovered. But to prevent a similar loss, all personal information is now stored in an off-site server with access allowed only through a secured, encrypted virtual private network, Rogers said.

In July, about 27,000 prescription records for students, faculty and staff at the University of Texas at Arlington's Student Health Center were exposed to theft when a computer server was left unsecured four times.

Jan Jarvis, 817-390-7664