- Mishandled medical information has caused two separate health data breaches in Oklahoma and Connecticut. Neither of the breaches, which occurred at Oklahoma University Physicians OB/GYN department and Backus Hospital in Norwich, CT., disclosed patient Social Security numbers, but both hospitals still mailed out breach notification letters to individuals affected by the incidents.
Laptop stolen from OU Physicians’ employee’s car
An OU Physicians employee recently had a laptop containing sensitive patient information stolen from his or her car, resulting in the breach of information for two groups of individuals, according to an OU press release.
For the first group of individuals, the information included patient names, medical numbers, dates of birth, ages, patient account numbers, the name of any inpatient procedures done, and the admission and discharge dates of that inpatient procedure. The first group of affected individuals includes those who received treatment at OU Outpatient Surgery Center or the Presbyterian Tower between January 1, 2009, and December 31, 2014.
The second group of affected individuals included patients for high risk delivery at OU Medical Center from September 24, 2014 until May 31, 2015. For this group, potentially disclosed information included patient last name and first initial, ages, pregnancy-related information, lab results, medications, delivery dates, and problems and allergy lists.
No Social Security numbers or addresses were disclosed for either group of individuals, and OU Physicians has no reason to suspect any of this information has been mishandled, the organization explained. However, OU Physicians still mailed the notification letters to affected individuals, and is offering them a free one-year subscription to credit monitoring. OU Physicians employees are also being reeducated on proper practice for handling patient information.
Backus Hospital patient information seen by non-employee
After receiving a data breach notification letter from Backus Hospital, patient Kenneth Keely Jr. was shocked at the mishandling of his personal information, according to The Norwich Bulletin. That letter, which explained the nature of a recent health data breach at Backus Hospital, was sent to over 300 other patients, the news source reported.
According to the letter, a health data breach occurred at the hospital on August 11, 2014 when an employee brought patient records home with her in an attempt to finish some work remotely. Those records stayed in her home until May 29, 2015, and may have been seen by non hospital personnel. Backus hospital became aware of this breach on June 20.
The breached records included patient names, medical record numbers, dates of treatment in the emergency room, diagnoses, and treatment information. While Backus has no reason to believe this information was misused in any way, the hospital said it still decided to send out 360 letters to individuals potentially affected by this incident.
Shawn Mawhiney, a spokesperson for Backus Hospital, stated that the employee responsible for this breach is being properly disciplined and reeducated on proper handling of patient information.
“The employee took the records home and they are not supposed to do that,” Mawhiney told the news source. “The records then had the potential to be seen by someone in her home. As a health care institution, we take this kind of incident very seriously.”