Q1: What type of information was included in these documents?
A1: The protected health information consisted of medical history questionnaires, immunization records, quarters forms, civilian medical documentation, urgent care forms, requests for medical record forms, record of chronological care forms, laboratory, radiology and EKG results.
Q2: How would I know if I was affected by this privacy breach?
A2: The 374th Medical Group sent each individual affected by the incident a notification letter by mail. If you have received a letter and have any questions, the 374th Medical Group stands ready to help. Please contact SSgt Elizabeth Jakubowski, the HIPAA privacy officer, at DSN 315-225-6478, by commercial phone at 011-81-3117-55-6478, or by e-mail at Elizabeth.firstname.lastname@example.org
Q3: What warning signs should I look for that might suggest I've been victim of a privacy breach?
A3: Though there is no indication that information was used maliciously in this case, such signs might include not getting bills or other mail on time, receiving credit cards you didn't apply for, or getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy. For more information about warning signs or to learn about actions you can take to protect yourself from identity theft, visit the Federal Trade Commision website at http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html
Q4: In the event that this privacy breach resulted in identity theft, what actions should affected individuals take? Is there any way for individual patients to be compensated for their loss, financial or otherwise? If so, who should they contact to start that process?
A4: Though there is no evidence that the material was used maliciously, affected individuals should begin by filing a report with SFS's Law Information Desk at 225-7200 then file a complaint with the Federal Trade Commission at www.consumer.gov/idtheft
or by phone at 1-877-FTC-HELP. The document "Take Charge: Fighting Against Identity Theft" provides more information and can be found here http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm
Q5: What were these documents doing in a service member's home?
A5: The incident remains under investigation; therefore, any information of this sort would be speculation.
Q6: If these documents were discovered back in May, why did it take until October to notify the patients and the general public?
A6: The information was released as soon as the investigation permitted and facts were sufficiently gathered to inform the people involved.
Q7: What is the Medical Group doing to ensure that incidents like this never happen again?
A7: The 374th Medical Group takes this breach of privacy very seriously and is therefore reinforcing the established Dept of Defense and Air Force standards on protection of medical information, to preserve and protect the confidentiality of all information contained in patients' medical records.
All staff member are trained annually and semi annually on the handling and releasing of healthcare information. The 374th Medical Group personnel are required to adhere to the Health Insurance Portability and Accountability Act of 1996. The purpose of the HIPAA Privacy Rule is to prevent inappropriate use and disclosure of individual's health information.
Q8: What disciplinary measures will the service member undergo?
A8: Though we can't speculate about future disciplinary action since the incident remains under investigation, we can say that the Air Force holds its Airmen to the highest standards and the AF will take appropriate action as deemed necessary.