This was reported by James Haggerty on January 23, but I just stumbled across it now:
A compact disc including information on Medicare patients at Wayne Memorial Hospital disappeared recently en route to its intended recipient.
An administrator at Wayne Memorial in Honesdale on Nov. 28 sent the unencrypted disc and related paperwork by certified mail to the Pittsburgh office of Novitas Solutions Inc., a Camp Hill-based Medicare administrative contractor, the hospital reported.
Although it was mailed in a legal envelope, Wayne Memorial officials say it arrived at Novitas’s Pittsburgh offices in a cardboard box without the disc. They were notified Dec. 3 that the disc was missing.
Hospital officials suspect the original package was damaged at a postal facility, the disc was lost and the paperwork was inserted into another package, which was delivered to Novitas.
The disc contained the names of 1,182 people who had been Medicare patients at the Honesdale hospital between 2007 and 2012 and have account balances outstanding, hospital spokeswoman Lisa Champeau said. Most of the patients’ Medicare account numbers were included on the disc, she said.
Read more on Citizens Voice.
On January 22, the hospital posted the following notice, linked from their home page:
Privacy Notification for Wayne Memorial Patients
On December 3, 2012, Wayne Memorial Hospital (WMH) discovered that this CD containing patient information had gone missing. An investigation was launched immediately. The hospital assured patients every step was being taken to address the incident and to protect their privacy.
The CD was included in a package sent by certified mail to WMH’s government authorized Medicare Administrative Contractor. The contractor received the package damaged and without the CD. Upon learning this, WMH conducted a diligent search for the CD with both the United States Post Office and the contractor. To date, WMH has been unable to locate the CD. The investigation confirmed that the CD contained names of patients who used WMH services between 2007 and 2012, account balances and, in some instances, Medicare numbers.
WMH administrators said they have no reason to believe that any of the information has been accessed or used improperly. However, in an abundance of caution, the Hospital has established a dedicated call center for those affected. WMH is also offering to eligible individuals one year of credit monitoring services provided through Experian. More information can be found at the WMH website at www.wmh.org.
WMH deeply regrets any inconveniences or concerns that this incident may cause those affected. The Hospital takes this incident very seriously and is reviewing its policies and procedures to ensure patient information is protected. The Hospital is committed to protecting all patient information and educating staff hospital-wide on the importance of maintaining the confidentiality of patient information entrusted to Wayne Memorial.
The News Eagle reports that notification letters were sent out beginning January 18.