Update: The Star-Telegram reports that 277,000 are being notified of this breach.
Original post:
Texas Health Resources posted the following notice on their site. Unfortunately, the home page link simply says “Microfiche Incident” and does not alert site visitors to check that link for an important privacy breach notification:
Texas Health Harris Methodist Hospital Fort Worth (Texas Health Fort Worth) is committed to protecting our patients’ information and takes significant steps to do so. This notice concerns an incident involving some of that information.
In order for Texas Health Fort Worth to better serve our patients and to carry out certain functions we are unable to perform ourselves, we contract with vendors who specialize in those functions. Shred-it is a multi-national document destruction company that we engaged to provide secure handling and destruction of confidential information. Texas Health Fort Worth had arranged with Shred-it to destroy microfiche containing patient medical records.
On May 13, 2013, Texas Health Fort Worth learned that a portion of the microfiche we had provided to Shred-it for secure destruction services had been discovered in a park on May 11, 2013 by a local resident who immediately reported the incident to the Dallas Police Department and observed the microfiche until the police had arrived. In addition, three sheets of microfiche were found during that general time frame in two other public areas. Texas Health Fort Worth recovered the microfiche and began a thorough investigation. Our investigation determined that Shred-it had not destroyed the microfiche in accordance with our contract requirements.
The records on the microfiche may have included patient names, addresses, dates of birth, medical record numbers, clinical information, health insurance information and in some instances Social Security numbers. We have no knowledge that any of the information included on the microfiche has been accessed or used inappropriately. Furthermore, microfiche is no longer commonly used, and specialized equipment is needed to read the information it contains.
This incident does not affect all Texas Health Fort Worth patients only those who were admitted to the hospital between 1980 and 1990.
Shred-it advised us that the microfiche remaining in its possession was disposed of, however, out of an abundance of caution, we began sending letters to affected patients on July 11, 2013. We have also established a dedicated call center for patients to call with any questions. If you believe you are affected but have not received a letter by August 1, 2013, please call 1-877-216-3789 Monday through Friday between 8:00 a.m. and 5:00 p.m. Central Time. When prompted, please enter the following 10-digit reference code: 4537070513.
We deeply regret the inconvenience to you. To help prevent something like this from happening in the future, Texas Health Fort Worth and the entire Texas Health System has changed document destruction vendors. Shred-it assures us they have taken appropriate action as a result of this incident
h/t, Dallas News