Printer Friendly, PDF & Email

Privacy Briefs: September 2019

◆ A man who spent several months of 2017 in Lehigh Valley Hospital in Allentown, Pennsylvania, has sued the hospital’s parent company, Lehigh Valley Health Network, claiming that a doctor who wasn’t treating him and with whom he had a contentious business relationship illegally viewed his medical records 12 times. Steven Kahlon, who was a patient at the hospital in 2017, contends in his suit that Johnny Shea-Yuan Chung, M.D., a plastic surgeon who owned a business with Kahlon, looked at Kahlon’s medical information 12 times between February and June 2017, even though he wasn’t treating Kahlon. Both the Lehigh Valley Health Network and the Pennsylvania Health Department acknowledged in letters filed in connection with the lawsuit that the patient’s privacy had been violated, and the health department recently cited the health system for not protecting confidential patient information. Chung, who no longer works at the health system, called the lawsuit frivolous in a court filing. View more details at

◆ Presbyterian Healthcare Services, based in Albuquerque, New Mexico, has reported a data breach that allowed unauthorized access to personal information belonging to approximately 183,000 patients and health plan members. A spokesperson for the health system says the breach allowed access to names, dates of birth and Social Security numbers. The breach occurred after Presbyterian employees responded to a phishing email sent around May 9, the spokesperson says. Presbyterian became aware of the incident on June 6 and shut down the affected email accounts. Most breach victims are residents of New Mexico. The health system said there’s no evidence that hackers accessed electronic health record or billing information. Presbyterian says it’s adding additional security measures to protect its email system, which it says will complement the annual security training for employees. Learn more at

◆ The personal information of as many as 122,000 customers of Oregon-based Providence Health Plan’s dental program may have been compromised in a security breach at the program’s administrator, Virginia-based Dominion National, that in total could affect close to three million patients. The breach may have started as long as nine years ago, according to a letter sent to Providence customers. According to the letter, an unauthorized party may have accessed Dominion’s computer servers, and potentially could have breached records for some 2.9 million individuals nationwide whose insurance plans use Dominion as an administrator. Dominion said the unauthorized parties may have accessed customers’ personal information, including names, addresses, dates of birth, Social Security numbers and insurance information. Read the story at

This document is only available to subscribers. Please log in or purchase access