Add Jersey City Medical Center to entities experiencing an e-mail breach of PHI. From their statement of April 20, 2015:
On February 19, 2015, as part of routine hospital operations, an employee of Jersey City Medical Center accidentally sent an e-mail meant for internal use that included an attached spreadsheet with some patient information to an unintended email recipient. The spreadsheet included patient names, health insurance payors, dates of admission and discharge, a one-word description of the medical service department from which the patient received services, and patient Medical Center account number. This e-mail did not include any patient social security numbers, dates of birth, any credit card or banking information, health insurance identification numbers, or patient addresses.
The unintended recipient informed the Medical Center of the mistake on the same day that the email was sent. The Medical Center attempted to obtain official confirmation that the email was completely deleted and the information was not further disclosed. Unfortunately, such confirmation has not yet been received. Accordingly, while the Medical Center has no evidence that any personal information has been misused in any way, we have notified affected patients by mail and have offered free identity monitoring services.
The Medical Center is currently reviewing its e-mailing policies and technological processes, and is retraining staff to minimize the chance of other such incidents. The Jersey City Medical Center sincerely regrets this unfortunate incident because we consider the security of patient information to be of the utmost importance. Patients with questions relating to this incident should contact representatives at the following toll-free number: 866-796-2161, between 9 am and 7 pm Eastern Time, Monday through Friday.
According to the center’s submission to HHS on April 17, 1,447 patients had information in the errant spreadsheet.