6,600 Patients Learn PHI Revealed

In October, NYU Langone Health System has found a folder having a record of presurgical insurance approvals was unintentionally reprocessed by a washing company. The folder had records pertaining to about 2,000 patients.

The material in the folder comprised names, dates of service, birth dates, existing procedural terminology code, insurance ID numbers, insurer names, and diagnosis codes. In a few instances, short notes might be present, together with insurance denials/approvals and outpatient/inpatient condition. Neither any financial information nor Social Security numbers were noted in the paperwork.

As needed by HIPAA, NYU Langone Health System had applied a procedure that needs all PHI to arrange safely when it’s no more needed, usually by destroying files. As the folder was taken for reprocessing by mishap, that didn’t happen.

As insurance ID numbers were there in the records, NYU Langone Health System has provided all impacted patients free identity thievery protection facilities and cyber checking facilities through ID Experts for 12 months.

To avoid similar happenings from taking place in the time to come, staff have been retrained on the significance of protecting patient information as well as practice workflow updated to upgrade the defenses for confidential patient information. No accounts have been received to indicate any information has been utilized wrongly.

Chilton Medical Center Break Affects 4,600 Patients

Pequannock at New Jersey Chilton Medical Center (CMC) has found out that a worker thieved as well as sold computer hardware having the PHI of patients. Names, details of allergies, addresses, dates of birth, medical record numbers, and medicines obtained at CMC were stowed on a hard drive which was detached by a worker as well as sold on the net.

The selling of the hard drive wasn’t allowed by CMC and was in violation of the medical center’s rules. The event has been informed as a thievery and the Prosecutor’s Office of Morris County has been informed. As per the break notice put on the medical center’s site, the worker no more works at CMC.

On discovery of the case, an internal inquiry was started, and it became clear that this wasn’t the first time that assets and computer hardware had been detached by the former worker and sold online. Those extra assets and devices aren’t thought to have had any patient information, even if the inquiry is continuing.

Patients affected by the case had gone to CMC for medical facilities from May 1, 2008 to October 15, 2017. All patients affected were alerted to the security event on December 15, 2017. CMC stated extra controls and processes have been set up to avoid occurrences like this from taking place in the time to come.

The case has been informed to the Division of Health and Human’ Services OCR. The break report shows 4,600 patients have been impacted.