The following notice was posted yesterday on Beebe’s web site, linked from their home page:
Beebe Healthcare (“Beebe”) is committed to protecting the security and confidentiality of our patients’ personal information and takes this obligation seriously. Regrettably, this notice is regarding an incident involving some of that information.
On December 27, 2013, Beebe learned that a temporary contractor had previously been arrested for incidents related to identity theft in Pennsylvania four years ago. The contractor had worked at three of Beebe’s physician offices in the Beebe Physician Network (BPN) since August 2013. Upon learning of this information, we immediately terminated the contractor’s engagement and began a thorough investigation, including hiring a national forensic expert firm. Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information. Based on our investigation and the work of the national forensic experts, we have no evidence that patient information was removed from Beebe or has been used inappropriately in any way. Although the staffing agency with whom we contracted performs background checks on all applicants, the report did not reflect any potential criminal activity for this individual.
This incident affects approximately 1,900 patients, seen collectively, at three of Beebe’s Physician practices: Beebe Internal Medicine in Lewes, Beebe Family Practice in Millville and Beebe Pulmonary Associates. As a precaution, Beebe began sending letters to inform affected patients on January 31, 2014 and is providing credit protection services for them. To assist our patients Beebe has established a Call Center that will be available Monday through Friday, beginning February 3rd from 9:00 a.m. until 7:00 p.m. EST., to answer any questions. If you are concerned that you may be affected but do not receive a letter by February 21, 2014, please call 1-866-264-1054 Monday through Friday between 9:00 a.m. and 7:00 p.m. Eastern Time.
We deeply regret any inconvenience this has caused our patients. To prevent this from happening in the future, we are performing our own background checks of all staffing agency employees and will no longer rely on staffing agencies to do so.
I think they absolutely took the correct steps here, don’t you?
Update: Here’s their notification to the Maryland Attorney General’s Office.