San Antonio-based Deer Oaks – The Behavioral Health Solution will pay HHS $225,000 to resolve potential violations of HIPAA rules.
HHS began an investigation into Deer Oaks, which provides psychiatric services in long-term care and assisted living facilities, in 2023. HHS found Deer Oaks had disclosed the protected health information of 35 individuals when discharge summaries for these individuals became accessible to the public online. Deer Oaks said a coding error in a pilot patient portal caused the information to be cached by search engines.
Deer Oaks experienced a data breach in 2023, affecting more than 170,000 individuals. HHS’ investigation found that the organization failed to conduct an “accurate and thorough risk analysis” of its data vulnerabilities.
The behavioral health provider has agreed to a corrective action plan which entails annually reviewing its risk analysis, implementing a risk management plan and providing training on protected health information to its workforce.
The settlement includes no admission of wrongdoing by Deer Oaks. Becker’s has reached out to Deer Oaks for comment and will update this story if more information becomes available.
