EqualizeRCM Services Notifies Patients of Data Security Incident

AUSTIN, TX (April 28, 2016) – On February 29, 2016, EqualizeRCM Services learned that an EqualizeRCM laptop containing patient data was stolen from one of its employees. Law enforcement was informed and EqualizeRCM immediately began an investigation into the incident and what information may have been impacted. It appears that certain documents containing information about patients treated at the following facilities were contained on the laptop:

  • Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas)
  • Microsurgery Institute (Houston, Dallas)
  • Hermann Drive Surgical Hospital
  • Victory Medical Center Houston
  • Central Dallas Surgery Center
  • Southwest Freeway Surgery Center
  • Kirby Surgical Center
  • Plano Surgical Hospital

For patients who were impacted, the information potentially exposed may have included patient name, address, phone number, date of birth, gender, insurance provider and policy number, health care provider information, billing and diagnosis codes, medical record number, internal reference number, date and type of service, the name of the treating facility, and other administrative information.

Financial account information and Social Security numbers were not impacted, and neither EqualizeRCM nor the affected facilities are aware of any unauthorized access or misuse of the information. Although we are not aware of any misuse, as an added precaution, identity theft monitoring and remediation services are being provided to impacted individuals through AllClear ID. Potentially affected individuals will be receiving letters with information and resources and are encouraged to call 1-855-904-5744 with any questions.

The privacy and protection of patient information is a top priority for EqualizeRCM, and we deeply regret any inconvenience or concern this incident may cause. We are working closely with the affected facilities in our response to this event, and have taken steps to help prevent this type of incident from happening in the future including reviewing our policies and procedures, implementing additional safeguards to ensure information in our control is appropriately protected, and retraining employees on existing policies for the proper handling of sensitive information.