The Granger Medical Clinic, a West Valley City, Utah-based clinic, fears there has been a potential patient data breach after 2,600 medical appointment records from 2012 that were supposed to be shredded went missing on Jan. 22. The clinic sent out patient notification letters on Friday, as HIPAA mandates that an organization alert affected patients within 60 days of the breach.
The Salt Lake Tribune reports that these patient records were printed from an electronic scheduling database and there were patient names, appointment dates and times, reasons for medical visits and internal medical record numbers. However, no addresses, birth dates, medical claim information, Social Security numbers or financial information, such as credit card numbers, were compromised in the breach. And to this point, Granger Medical Clinic doesn’t believe there has been any misuse of the breached information but it’s still unknown exactly where the records are or what happened to them.
“The clinic is taking this very, very seriously,” Steven Hester, the clinic’s attorney told the Tribune. “We have reported it to the Department of Health and Human Services. They haven’t initiated an investigation, but we anticipate that they will.”
Health data breaches have even more weight in Utah, given the controversy surrounding its two large data breaches within the past year. Sheila Walsh-McDonald, the data security ombudsman for the Utah Department of Health, is reportedly working on new data procedures and retraining staff to guard against data loss, such as no longer printing and shredding patient appointment records.