In accordance with the Health Information Technology for Economic and Clinical Health Act of 2009, Centerstone of Kentucky offers the following public notice. Centerstone has made every attempt to notify any clients affected by this privacy breach by first class letter and/or telephone call prior to this posting.
On October 10, 2018, a Centerstone-owned, portable USB data storage device (“flash drive”) was returned to a Centerstone supervisor at one of our service locations. Upon review, this flash drive contained the personal health information of some Centerstone clients who received services during 2016 through August of 2018. This information included some draft versions of service notes/summaries without full client names attached; however, the flash drive also included some client lists with specific personally identifiable information such as full names, email addresses, appointment dates, service types, provider names and guarantor names.
We did not find any evidence that additional personal identifiers, such as birth dates, social security numbers or mailing addresses, were included in the information contained on this flash drive. All of our clients’ service records from September, 2018, to the present day are protected by our electronic health record and are not part of this breach.
Centerstone sincerely regrets this potential breach of the privacy and security of protected health information. At this time, we have no information to suggest that the information on the flash drive was accessed or used in a manner that will cause harm to any impacted persons. However, we cannot be certain that this has not or will not happen. If you feel you may be affected and have questions about your privacy or the potential risk of identity theft, or would like information about fraud protection, please contact our Privacy Officer by phone, email or letter:
Jeff Felty, Compliance & Privacy Officer
Centerstone of Kentucky
10101 Linn Station Road, Suite 600
Louisville, KY 40223