Texas Health Presbyterian Hospital Flower Mound is notifying its patients of a breach of patient health information. Texas Health Flower Mound and Texas Health Partners, its business associate, are under a duty imposed by law to notify patients of breaches of patient information.
A company-issued laptop of an employee of Texas Health Partners, which is contracted with Texas Health Flower Mound to provide management oversight services, was stolen on June 21, 2011. The theft was discovered the same day and was immediately reported to the local police department.
Texas Health Partners and Texas Health Flower Mound believe that there is no significant risk of identity theft or financial fraud to you as a result of this incident. The laptop was configured to require a valid user ID and 12-character password to log on to the laptop.
What type of information was involved?
The type of information that was on the laptop varied depending on the type of internal report involved. It may have included your name and account number, plus at least one or more of the following elements: age, allergies, chief complaint, date and time of admission, date and time of laboratory order, date and time of specimen collection, date of birth, dates of service, diagnosis, discharge instructions, discharge summary, employer, gender, height, history and physical report, insurance, group number, ID number, subscriber’s name and/or subscriber’s date of birth, lab results, marital status, medical history, medical record number, Medicare Questionnaire report data, medication, name of account guarantor, name of lab test, name of physician, name and address of spouse, operative report, phone number, procedure, procedure start and stop time, radiology report results, room number, total charges, type of anesthesia, type of service, vital signs, weight, and x-ray number. It may have also included the social security number for a very small number of patients.
What steps are being taken by Texas Health Flower Mound and Texas Health Partners?
Texas Health Partners and Texas Health Flower Mound conducted a thorough investigation into the incident. As a result of the investigation findings, the appropriate corrective action has been taken with this employee in accordance with Texas Health Flower Mound’s and Texas Health Partners’ policies. All employees have been re-educated on how to safeguard laptops and other mobile devices. Information Technology policies are being reviewed and updated as necessary.
What steps can you take?
Texas Health Partners and Texas Health Flower Mound have no reason to believe significant risk of identity theft or financial fraud exists as a result of this incident; however, in an abundance of caution, we recommend that you place a fraud alert on your credit report as added protection. This will prevent anyone from using your information without your permission to make financial purchases. Call any one of the three major credit bureaus listed below to place the fraud alert on your credit report. As soon as the credit bureau confirms your fraud alert, the other two bureaus will automatically be notified to place alerts on your credit report. You should be able to obtain a copy of all three reports free of charge.
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241. Experian: 1-888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013. TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790.
How can I get more information?
You may call (toll-free) 1-855-419-1525 during normal business hours with any questions you have. No one from Texas Health Flower Mound or Texas Health Partners will be contacting you or asking you to confirm any of the information that was involved in this incident. Please be alert to such calls and do not provide any personal information to the caller.
We take very seriously our role of safeguarding your personal information and using it in the appropriate manner.
2 thoughts on “Texas Health Presbyterian Hospital Flower Mound notifies patients of breach”
How is there no risk? Username/password doesn’t stop me from booting with a Linux distro and grabbing whatever I want.
Only HIPAA required full disk encryption will fix that….
Note how they reiterate that they don’t see any “significant risk.” Operative word is “significant.” And because there’s no “significant risk,” they don’t offer any services to those affected?