Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Cherry Creek notifies OCR of data security incident

Cherry Creek Eye Physicians and Surgeons, P.C. ('Cherry Creek') notified, on 14 June 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 17,732 individuals. In particular, Cherry Creek stated that Eye Care Leaders, Cherry Creek's outside vendor hosting its electronic medical record system, had experienced a data security incident that may have resulted in unauthorised access to the sensitive personal information of Cherry Creek's patients.

In light of the investigation carried out, Cherry Creek explained that the lack of available evidence prevented Eye Care Leaders from ruling out that some protected health information and personally identifiable information may have been exposed, and further noted that information potentially affected included: patients' names, addresses, dates of birth, social security numbers, diagnostic information, and health insurance information.

Lastly, Cherry Creek stated that, after the discovery of the incident, it had notified individuals whose information was involved, and established a dedicated call center to answer questions relating to this incident.

You can read the notice here and access details on the OCR portal here.