A News-Leader file photo of a Burrell Behavioral Health facility. (Photo: News-Leader file photo)
Late Friday, Burrell Behavioral Health announced that a “business associate” with a third-party vendor had “improperly secured” medical records for up to 67,493 patients in a way that could have “potentially permitted access to unauthorized individuals.”
Burrell spokesman Matt Lemmon would not name the third-party vendor.
Burrell discovered the possible breach Jan. 30, Lemmon said, and Burrell’s disclosure of the incident nearly two months later was within a HIPAA guideline that such incidents must be disclosed within 60 days. Lemmon said Burrell had taken time […] Read more