Employees at Sight and Sun Eyeworks Quit Practice and Steal EHR Data


It seems like the news regarding patient information breaches gets stranger every day. A former physician and office manager from Sight and Sun Eyeworks Gulf Breeze are being sued for stealing patient information with the intent to switch patients over to the new practice they’re both working for.

According to a lawsuit filed in the Santa Rose County Courthouse on May 30th, Dr. Suzanne M. Day and Lynette Bramlett, both who worked for the Sight and Sun Eyeworks Office, quit without giving notice in May. They left to work for a competing optometry office, and began to improperly use Sight and Sun’s patient data. These patients were suddenly notified that their scheduled appointments were being moved to another location.

“Multiple patients have contacted Sight and Sun … and have stated that appointments they had previously made during the month of May 2013 with Sight and Sun… were changed by Day and Bramlett, or their employees, to occur in the month of June 2013 at their new offices,” according to the suit. “Day and Bramlett have informed Sight and Sun … patients that Day will continue their healthcare at her new location, effectively stealing these patients.”

Breach notification letters were sent to 9,000 patients informing them that their information had been stolen, including their names, social security numbers, addresses, and treatment information.

In the legal notification letters, Sight and Sun Eyeworks said the health information is being used primarily to offer medical services, but they added: “However, patients should closely monitor their credit card, bank and other financial statements for signs of fraud and identity theft.”

We're Integris. We're always working to empower people through technology.

Keep reading

Nine Policies and Procedures for Compliance with HIPAA

Nine Policies and Procedures for Compliance with HIPAA

The HIPAA Security Rule was enacted in 1996 by the U.S. Congress, designed to establish national standards to protect individuals’ electronic personal health information used and/or stored by a covered entity. The HITECH act states that all healthcare providers will...