University of Missouri Health Care recently notified HHS of a breach involving the records on 1,288 patients. According to a news release on their web site issued June 21:
University of Missouri Health Care and the University of Missouri Police Department are investigating a missing package containing patient billing information.
On June 14, University of Missouri Health Care officials failed to receive an expected delivery of copies of patient payment information and immediately notified the MU Police Department. In addition, University of Missouri Health Care officials immediately began a review to identify and notify the patients whose information was missing.
The health system sent letters today notifying 1,288 patients whose billing information was included in the missing package.
The package had been sent by private courier to University of Missouri Health Care from a Kansas City bank that serves as the clearinghouse for MU Health Care’s billing. The contents of the missing package included copies of payments received by the bank between June 6-13.
Patients with questions can get more information at http://www.muhealth.org/ProtectedInformation or they can call Cheryl Hopson, supervisor of joint customer service, at (573) 882-2013 or (800) 877-2372 or Misty Woods, service coordinator of joint customer service, at (573) 884-1983 or (800) 877-2372.
University of Missouri Health Care has terminated its contract with the courier responsible for delivering the missing package.
“Safeguarding the privacy of patient information is our top priority, and to that end, we have taken immediate action steps to investigate the missing information, notify the patients affected and help the patients protect their accounts from identify theft,” said Jim Ross, chief executive officer.
According to the FAQ on the incident:
The contents of the missing package included copies of payments received by the bank between June 6-13 for 1,288 patients of University of Missouri Health Care. No Social Security numbers were included in these documents, and no cash or checks are missing. The type of information missing included bank account numbers, partial credit card numbers, and names and addresses. We notified the patients individually by letter June 21.
The University advised those affected to change their bank account numbers and/or credit card numbers:
To guard against the possibility of identity theft, we are advising the patients whose information was included in this package that they may want to contact their banks to change account numbers or contact their credit card companies to request new cards be issued.
The University also offered those affected discounted credit protection services through Experian.