Northgate Medical P.C. announced a data breach involving the theft of patient information including names, addresses, dates of birth and phone numbers. A former employee of the Springfield, Mass.-based medical group acquired the information before leaving the organization, according to a March 22 statement.
According to Northgate’s release, the former employee took the information for “marketing purposes,” rather than those related to “identity theft or fraud.” The medial group reported the theft to Springfield police and notified patients, suggesting they report the incident to credit bureaus and monitor credit reports.
"Northgate sincerely apologizes and regrets that this situation occurred," the statement said, noting that the notifications were done to comply with the HIPPA Breach Notification Rule. All HIPAA-covered entities must provide notification after a "breach of unsecured protected health information," according to the federal health law.
The latest development comes weeks after a state audit discovered Northgate Medical had substantially overbilled MassHealth, the state’s combined Medicaid and Children’s Health Insurance Programs. According to a Massachusetts state audit, Northgate improperly billed MassHealth by more than $191,000 over a three-year period.
Jose Azocar, MD, a Northgate partner involved in the overbilling audit, said the two incidents are unrelated.