Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Colorado Physician Partners notifies OCR of data security incident

Colorado Physician Partners ('CPP') notified, on 25 March 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 12,877 individuals. In particular, CPP stated that, on 27 January 2022, it had discovered that an unauthorised individual had gained access to a CPP employee's work email account. Further, CPP noted that, following an investigation into the incident, it was found that the access by the unauthorised individual involved syncing which may have resulted in the individual having access to certain emails with personal information. As such, CPP highlighted that the potentially affected personal information includes full names, dates of birth, social security numbers, home addresses, phone numbers, email addresses, insurance ID numbers, and, in some cases, medical information.

In response to the incident, CPP highlighted that it had reset all passwords and made changes to settings and how employees gain access to their emails, whilst also reinforcing employee training.

You can read the notice here and access details on the OCR portal here.