On April 25, Comanche County Hospital Authority notified HHS that 2,199 patients were affected by an email incident. From their press release:
Comanche County Memorial Hospital issues public notice of HIPAA Breach
Lawton, OK (April 27, 2016) – Comanche County Memorial Hospital (CCMH) is committed to protecting the privacy of its patients and maintaining the highest standards in patient confidentiality. Although there is a very low risk to patients, CCMH was recently notified that an incident occurred with patients of the Memorial Medical Group (MMG), affiliated with CCMH. This incident resulted in a limited amount of patient information being released.
On February 26, 2016, the company contracted to provide patient satisfaction surveys for the MMG determined that an e-mail survey sent to numerous patients included incorrect information. The surveys were sent to the e-mail addresses of patients who visited MMG physicians from December 1 through December 31, 2015. The subject line of the e-mail stated the name of an individual that did not match the name of the individual to whom the e-mail was addressed. Within the body of the survey, the individual who received the e-mail was asked about their experience with a physician they had visited in recent weeks, but indicated that the physician worked in a different practice from the practice where the physician actually works. The surveys did not include any diagnoses or dates the physician was seen. They also did not contain any insurance or financial information of either the individual to whom the survey was sent or the individual whose name was in the subject line of the e-mail. They also did not include any identifying information about the individual other than the individual’s name. No social security numbers, addresses or phone numbers were disclosed.
Upon the outside company’s discovery of the erroneous surveys, the Privacy Officer at CCMH was notified and a thorough internal investigation was conducted whereupon it was determined that the error as reported by the outside vendor was correctly identified. As a result of this error, the outside vendor is updating and revising its procedures to ensure this error does not occur again. The employees of the vendor who were responsible for the error received disciplinary action up to and including termination from employment. CCMH and the MMG are closely monitoring the ongoing performance of this vendor to determine whether its services will be continued. Services will only be continued if they can be certain that the cause of the error has been satisfactorily corrected by the vendor.
All persons who were personally affected by this incident will receive a letter as long as their current mailing address is on file with the MMG physician’s office where they received care. The letter they receive will inform them that their name may have been attached to a survey sent to another individual who received care with a physician with the MMG.
CCMH regrets any inconvenience or concern that this error may cause, and encourages anyone who has questions to contact our dedicated toll free hotline at 1.855.731.6012.
For more information go to www.ccmhonline.com.
About Comanche County Memorial Hospital
Comanche County Memorial Hospital (CCMH) is a 283-bed not-for-profit county hospital in Lawton, Oklahoma and the regional referral center in Southwest Oklahoma.
The Memorial Medical Group (MMG) is the largest physician practice in Southwest Oklahoma and operated by CCMH. MMG is comprised of over 100 providers from 20 medical specialties.