Andersen personnel notified of PHI disclosure Published June 19, 2011 ANDERSEN AIR FORCE BASE, Guam -- The 36th Medical Group here recently informed approximately 700 active-duty patients that their Protected Health Information from the Preventive Health Assessment Clinic may have been compromised. On May 13, 2011, PHI consisting of medical history questionnaires, immunization records and appointment schedules were mistakenly recycled instead of being shredded. These forms included names, social security numbers, dates of birth, medical information, personal home addresses and personal phone numbers. Upon discovery on May 17, the 36 MDG immediately began an investigation, identified those at risk and mailed notification letters to all active-duty patients involved. Information was provided describing steps to place a fraud alert on personal credit files should the patient deem it necessary. A link to that information is available at http://www.ftc.gov/bcp/edu/microsites/idtheft/. To prevent this from reoccurring in the future, all 36 MDG staff has been reeducated on the proper disposal of PHI, which is to be shredded on a daily basis. This guidance will also be incorporated and clearly spelled out in existing 36 MDG HIPAA policies and will be strictly enforced. While there is no evidence to suggest that personal data has been used as a result of the loss, it is Air Force policy to apprise individuals who may have been at risk for compromise. Because the 36 MDG takes the protection of privacy very seriously, we are reviewing our current policies and practices to determine if changes should be made to prevent any similar incidents in the future. If you received the notification letter, please direct any questions to the 36 MDG HIPAA Privacy Officer, Capt. Angela Naugle at angela.naugle@andersen.af.mil.