Patients of Harris County Hospital District in Texas who were patients between April 14, 2008 and February 11, 2011 are first being notified that their information may have been stolen by an employee.
In a notice posted on their site, David S. Lopez, President/CEO, writes that they wish to “urgently call your attention to the fact that certain information about you may have been improperly accessed, viewed, recorded and shared with others by a District employee. The employee has not been employed at the District since February 11, 2011. The information viewed and possibly shared with others may have included your name, address, phone number, date of birth, sex, Social Security (member) number, medical record number, emergency contact information, payer information, and information about the medical care you received at the District between April 14, 2008 and February 11, 2011.”
The District first became aware of the problem on February 11, 2011, when they received a grand jury subpoena related to the alleged activities.
Lopez says that the District complied with the subpoena and cooperated with the Office of Inspector General’s investigation. On July 20, 2012, they “received additional information that led to our decision to provide you with this notice.”
It’s not clear why they did not have sufficient information before last month to determine the seriousness of the breach and its scope, but they write that “Due to the pending criminal investigation, the District has been unable to determine with certainty which patients’ personal data and information was, in fact, improperly viewed, accessed or shared with others.”
The District believes that the purpose of the data theft was to defraud Medicare and not the patients.
“The former employee has been indicted in the United States District Court for the Southern District of Texas, Houston Division, and will be tried on criminal charges related to the stolen and misused information on September 24, 2012,” Lopez writes.
h/t, Click2Houston