Healthcare Firm Informs Local Residents of Potential Information Security Breach

Published on Mon, Aug 13, 2012 (11:39 a.m.)

Submitted by Apria Healthcare

FOR IMMEDIATE RELEASE

August 13, 2012


For Further Information, Contact
Lisa M. Getson, Executive Vice President, 949-639-2021
26220 Enterprise Court
Lake Forest, California 92630
Tel 949.639.2000


Local Patients of Healthcare Provider to be Alerted to
Potential Information Security Breach


LAKE FOREST, CA…August 13, 2012…Apria Healthcare, Inc. (“Apria”) announced today that a company-owned employee laptop containing patient names, Social Security numbers and possibly other protected health information (PHI) was stolen from a locked vehicle in Phoenix, Arizona. Because the employee managed billing functions for the company, the laptop contained information pertaining to patients served by the company in a number of states, including California, Arizona, New Mexico and Nevada.

In compliance with both state and Federal regulations pertaining to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its own corporate compliance program policies and procedures, Apria is alerting approximately 11,000 patients of the incident via personal mail and the media in the specific areas of certain states where the patients reside. In the notices, Apria will offer all impacted patients a complimentary subscription to a credit monitoring service for one year in order to monitor for potential impact on their credit.

“We truly regret that this incident occurred and apologize for any concern or inconvenience it may cause our patients,” said Doreen R. Bellucci, Apria’s Associate General Counsel and Privacy Officer. “We take our responsibility for safeguarding patients’ information very seriously and are taking additional steps to minimize the chances of this type of incident happening again. We are reinforcing the importance of protecting the privacy and security of confidential information with our employees and enhancing our internal safeguards to ensure the continued protection of all confidential and personal information in our care and custody.”

On June 14, 2012, a laptop owned by Apria was stolen from an employee’s locked vehicle. After discovering the theft, Apria immediately reported it to law enforcement and began investigating it. After the investigation, which was undertaken not only by Apria’s internal investigators but also by a private investigator and third-party digital forensics experts, Apria learned that the files on the stolen laptop’s hard drive contained patient information, including Social Security numbers and names, and may have included date of birth and/or other personal or health information.

“There has been no indication that any information has been accessed or misused,” explained Ms. Bellucci. “However, Apria has nevertheless taken many steps necessary to address the incident and is committed to fully protecting all of our patients’ personal information. In addition, we have notified or are in the process of notifying the appropriate Federal and state regulatory agencies of the incident. We are also in the process of encrypting all of the company’s laptops with due speed and strengthening other aspects of our internal HIPAA security program.”

Although affected patients will be notified individually, current or past patients of the company who reside in this area and who believe that they may be affected by the incident are encouraged to take the following steps to protect themselves from potential unintended consequences resulting from the incident:

1. Check credit and accounts frequently over the next few years.

2. Send a fraud alert to the following three credit reporting agencies:

Credit Reporting Agency Telephone Number E-mail Address Postal Address
Equifax 1-800-685-1111 www.equifax.com P.O. Box 740241
Atlanta, GA 30374
Experian 1-888-397-3742 www.experian.com P.O. Box 2104
Allen, TX 75013
TransUnion 1-800-680-7289 www.transunion.com P.O. Box 6790
Fullerton, CA 92834

3. Contact the Federal Trade Commission, Consumer Response Center, 1-877-438-4338, Room 130-B, 600 Pennsylvania Avenue, N.W., Washington, D.C., 20580 (http://www.ftc.gov/bcp/menus/consumer/data.shtm), which can provide additional advice regarding how to protect personal information.

4. Notify law enforcement or the office of the state’s Attorney General in the event of a suspected identity theft.
Area residents who have a question may email the Company at [email protected] or contact the Company at the following address:
Apria Healthcare, Attn: Privacy Officer
26220 Enterprise Court
Lake Forest, CA 92630

Apria provides home infusion therapy, home respiratory therapy and home medical equipment through approximately 540 locations serving patients in all 50 states, Apria is the nation's leading home healthcare company. For more information, visit www.apria.com.
###