East Houston Medicine and Pediatrics Clinic

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Hundreds of boxes containing medical records from East Houston Medicine and Pediatric Clinic were inadvertently sold at a storage unit auction. The records, which date from 2009 to 2019, were purchased by Ben Rosales, who had hoped to find valuable items for resale but instead discovered the sensitive medical documents. The files contained personal patient information, including healthcare histories, names, addresses, and Social Security numbers, posing a significant risk of identity theft and HIPAA violations[1][3][5].

The clinic’s owner, Dr. Wilson, was contacted by Rosales, who offered to return the files for $15,000. Dr. Wilson initially told Rosales he would call him back but later declined to pay for the return of the records, stating that Rosales could keep them[1][3]. This situation has raised concerns about patient privacy and the proper disposal of medical records, which by law must be maintained for at least seven years after a patient’s last visit and can only be destroyed by shredding or burning[3].

The breach has not only exposed the clinic to potential HIPAA penalties, which can range from $100 to $50,000 per violation, but also criminal penalties for intentional violations[5]. Rosales has reached out to medical and insurance providers listed in the paperwork and has been in contact with agencies that deal with privacy violations[1][3]. The incident highlights the importance of secure storage and disposal of medical records to protect patient privacy.

Citations:

  1. https://www.fox26houston.com/news/east-houston-medical-clinic-records-bought-at-storage-unit-auction
  2. https://health.usnews.com/best-hospitals/pediatric-rankings
  3. https://www.khou.com/article/news/local/medical-records-storage-unit-houston/285-1a26e94d-f811-48a9-9b47-cefc3be31708
  4. https://www.aap.org
  5. https://www.houstonchronicle.com/news/houston-texas/trending/article/houston-doctor-storage-unit-medical-files-auction-18197916.php
  6. https://www.kelsey-seybold.com
  7. https://www.healthgrades.com/group-directory/tx-texas/houston/east-houston-medicine-and-pediatric-clinic-xb8f6j
  8. https://www.houstonchronicle.com
  9. https://www.chron.com/business/medical/article/Harvey-damaged-East-Houston-Regional-Medical-12345399.php
  10. https://www.stanfordchildrens.org
  11. https://www.usatoday.com/story/news/factcheck/2023/12/18/texas-childrens-hospital-treats-unvaccinated-patients-fact-check/71911864007/
  12. https://www.uth.edu
  13. https://www.texastribune.org/2023/05/19/ken-paxton-texas-childrens-hospital/
  14. https://www.stjude.org
  15. https://www.justice.gov/usao-sdtx/pr/united-memorial-medical-center-pay-2m-plus-additional-payments-allegedly-causing-false
  16. https://www.mayoclinic.org
Breach Submission Date Jul 13, 2023
Converted Entity Name East Houston Medicine and Pediatrics Clinic
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 13,184
Breach Type Loss

Breach Information Location Paper/Films

Business Associate Present Yes