HIPAA Breach Notice

On April 1st 2024, Autumn Behavioral Health Center determined that two potential HIPAA breaches occurred on or around Feb 13th 2024 / Feb 15th 2024 involving the protected health information of all or some former Crossroads clients. Please check below to learn more, including whether your PHI may have been compromised and how you can protect yourself.”

Dear Patients:

We are sending this letter to you as part of Autumn Treatment Center’s commitment to patient privacy. We take patient privacy very seriously, and it is important to us that you are made fully aware of a potential privacy issue. Autumn has recently become aware of two HIPAA breaches involving patient protected health information.

Breach One:

On January 22nd 2024, Autumn purchased computer equipment from Crossroads. Unbeknownst to Autumn, Crossroads did not remove access to its patients’ medical records before selling the computers to Autumn. On April 1st 2024, Autumn discovered that staff previously employed by Crossroads and now employed by Autumn may have accessed and viewed the medical records of past Crossroads patients whose records were still stored on the computers purchased by Autumn. Autumn is unable to confirm what type of patient protected health information was accessed or viewed by unauthorized staff. Patients’ medical records contained basic demographic information, and treatment and assessment information.

Autumn has taken steps to prevent further breaches and mitigate any potential harm to you, including conducting HIPAA training for all staff and removing all access to Crossroads patients’ medical records from the computers Autumn purchased from Crossroads.

Breach Two:

Separately, on Feb 5th 2024 & Feb 12th, a counselor who previously worked at Crossroads and subsequently became employed by Autumn sent Autumn leadership an email that contained an excel file with the names and demographic information of the counselor’s Crossroads patients. The excel file contained the PHI of 416 Crossroads patients, some of whom became Autumn patients and executed a release of information, and some of whom did not become Autumn patients. The Autumn staff member who received the excel file then shared that excel file with eight additional Autumn staff members.

To mitigate the likelihood of further breaches of unsecured patient PHI, Autumn has instructed all staff members who received the email with the excel file to promptly delete the email. Additionally, Autumn organized multiple HIPAA trainings.

We are very sorry for any disruption or stress these actions may have caused you. We maintain policies and procedures to prevent disclosures of this nature and perform routine training with employees and contracted individuals.  We appreciate your understanding and cooperation in this matter. Please feel free to contact me with any questions or concerns at [email protected] or [email protected].


Madhukar Narahari


Leave a Comment

Your email address will not be published. Required fields are marked *

Get In Touch

You can start the admission process now, and click the link below and we will contact you to set up an appointment.

Featured Posts