DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Texas Health Arlington Memorial Hospital breach notice

Posted on April 20, 2011 by Dissent

I finally tracked down an explanation for a breach entry in HHS’s breach tool that read:

Texas Health Arlington Memorial Hospital,TX,, 654, 12/23/2010,Unknown ,Electronic Medical Record,,

I had reported it on this blog last week, but here’s the undated notice that explains it:

Texas Health Arlington Memorial Hospital is notifying our patients about a breach of personal health information. After completion of the investigation and review of the facts, we believe that there is no potential harm of identity theft or financial fraud to you due to the intended purpose of the disclosure. The breach was discovered on January 26, 2011.

Texas Health Arlington has been in the process of converting information systems and processes to the same system standards used at other Texas Health hospitals. On December 23, 2010 the information services department turned on a switch between Texas Health Arlington and SandlotConnect, a health information exchange. The switch allows health information to go to SandlotConnect after patients sign an authorization form and the patients’ accounts are marked to permit the exchange of information.

It was determined that there were two issues: (1) the SandlotConnect authorization form was not presented to patients at the time of registration as Texas Health Arlington employees were not aware that the switch had been turned on and (2) the registration employees were marking patients’ accounts incorrectly.

The information disclosed to SandlotConnect included the following elements: name, address, date of birth, social security number, account number, medical record number, insurance information, and dates of service. In addition, the categories of health information as indicated below may have been sent: Lab Results, Radiology Results, Problems, Procedures, Transcribed Reports, Medications, and/or Allergies.

Since notification of the event, we turned off the switch so that no further health information would be sent, marked each affected patients’ account as not participating in the health information exchange, and worked with Sandlot to shield the information from being further used or disclosed. In addition, Texas Health Arlington registration employees received additional training on the SandlotConnect health information exchange processes. Information services has modified their implementation process for the health information exchange and trained their employees on it.

We also reviewed audit trail reports and determined that the majority of accounts were accessed by Sandlot employees in order to shield the affected patients’ health information. However, some SandlotConnect accounts were accessed by authorized health care providers for treatment purposes.

After completing the investigation and reviewing the facts, Texas Health Arlington believes that there is no potential harm of identity theft or financial fraud to you due to the intended purpose of SandlotConnect – continuity of care by authorized users of the health information exchange.

Texas Health has trained staff available to take calls if you have questions related to the incident. You may call this number, 1-800-227-3597, from 8:00 a.m. to 5:00 p.m. Monday through Friday. Please review the Sequence of Events document for additional information.

No one from any Texas Health entity will be contacting you or asking you to confirm any of the information that was involved in the incident. Please be alert to such calls and do not provide any personal information to the caller.

Texas Health Arlington takes very seriously our role of safeguarding your personal information and using and disclosing it in the appropriate manner. Texas Health regrets any stress and worry this situation has caused. ?
Sequence of Events

What happened?

Texas Health Arlington has been in the process of converting information systems and processes to the same system standards used at other Texas Health hospitals. On December 23, 2010 the information services department turned on a switch between Texas Health Arlington and SandlotConnect, a health information exchange. The switch allows health information to go to SandlotConnect after patients sign an authorization form and the patients’ accounts are marked to permit the exchange of information.

It was determined that there were two issues: (1) the SandlotConnect authorization form was not presented to patients at the time of registration as Texas Health Arlington employees were not aware that the switch had been turned on and (2) the registration employees were marking patients’ accounts incorrectly.

Another finding was that some patients already had their accounts marked to participate in the exchange due to a previous visit at another Texas Health hospital where they had authorized their the exchange to SandlotConnect. However, it is our practice for patients to have the opportunity at each visit to a Texas Health hospital to decide whether they want to participate or not in the health information exchange.

The causes of the incident were due to employee training issues, and the lack of communication and follow-up between the employees involved in the implementation of the health information exchange switch for Texas Health Arlington.

Information about Sandlot

Sandlot is a division of North Texas Specialty Physicians. The SandlotConnect Health Information Exchange allows physicians, hospitals and clinics to share medical records from various providers. This allows physicians to avoid duplicate medical procedures for patients. Physicians can look up information such as test results and medication histories to provide continuity of care.

The health information exchange has 1.5 million patients among five counties in Texas. In addition to Tarrant, the counties include Dallas, Erath, Johnson and Parker.

This website provides more information about SandlotConnect – http://sandlotsolutions.com. If you wish to call and speak to someone at Sandlot directly, please contact the compliance officer, Vera Blanc, at 817-810-5237.

What steps have been taken by Texas Health Arlington and Sandlot?

Since notification of the event, we turned off the switch so that no further health information would be sent, marked each affected patients’ account as not participating in the health information exchange, and worked with Sandlot to shield the information from being further used or disclosed. In addition, Texas Health Arlington registration employees received additional training on the SandlotConnect health information exchange processes. Information services has modified their implementation process for the health information exchange and trained their employees on it.

We also reviewed audit trail reports and determined that the majority of accounts were accessed by Sandlot employees in order to shield the affected patients’ health information. However, some SandlotConnect accounts were accessed by authorized health care providers for treatment purposes.

[…]

Read more on TexasHealth.org

Category: Health Data

Post navigation

← Texas fires two tech chiefs over breach
No reasonable expectation of privacy in an emergency room →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.