Allina Health Isles Clinic notifies more than 6,000 patients of improper disposal of their records

Posted on by Dissent

First, the notice from Allina Health in Minnesota:

This notice concerns a privacy situation that occurred at the Allina Health Isles Clinic, located at 2800 Hennepin Avenue, Minneapolis, MN 55408.

On October 27, 2015, Allina Health discovered that in limited circumstances, containers which may have had documents with patient information were being emptied into a private trash dumpster instead of secure shredding bins.

Allina’s investigation determined that this may have been occurring since April 6, 2015. These documents may have included patient information, including names, dates of birth, medical record numbers, addresses, clinical information, the last four digits of social security numbers, and insurance information such as plan number (including social security numbers for individuals whose health insurance identification number is their social security number).

Allina Health is committed to protecting the privacy and security of its patients’ information. At this time, there is no indication that any Isles Clinic patient’s personal information has been misused in any way and Allina Health believes the risk is very low that any unauthorized person saw any of this information or used it inappropriately.

Nevertheless, Allina Health has mailed letters to all patients who had appointments at or were referred to the Allina Health Isles Clinic between April 6 and October 28, 2015. The letter explains the situation and offers one year of free credit monitoring/identity protection services to patients potentially affected by this situation.

Patients who wish to enroll in the credit monitoring/identity protection service or who have other questions should call toll-free 1-855-559-9708 from 8:00 a.m. to 6:00 p.m. (Central Time) Monday – Friday. (The call center will be closed on December 25 and January 1.)

Upon discovering the situation, Allina Health promptly initiated an investigation and determined that the trash dumpster was located in a locked garage only accessible to individuals with authorized access. The trash from the dumpster is picked up weekly and taken to a city-owned disposal center where it is eventually incinerated.

To address the situation, Allina Health has replaced the containers at the Isles Clinic with containers clearly marked for shredding and retrained clinic staff to dispose of documents containing identifiable patient information into designated locked shredding containers daily.

Allina Health recommends that patients regularly review statements from their accounts and periodically obtain a credit report from one or more of the national credit reporting companies.

A credit report may be obtained once every 12 months by either:

Information about identity theft, credit monitoring, and how to keep information secure is available at http://www.consumer.ftc.gov/topics/identity-theft.

Again, there is no indication that any Isles Clinic patient’s personal information has been misused in any way as a result of this situation.

Allina Health takes the confidentiality of our patients’ information very seriously and will continue to work to ensure that a similar situation does not occur in the future.

Contact us

Allina Health takes the confidentiality of our patients’ information very seriously and will continue to work to ensure that a similar incident does not occur in the future.

If there is anything we can do to assist you or if you have additional questions, please call us at 1-855-559-9708.

Christopher Snowbeck of the Star Tribune reports that more than 6,000 patients are being notified.

This is not the first report this week involving thousands of patients’ records having been improperly disposed. See also the Florida Agency for Healthcare Administration incident.

Nor is this the first time Allina Health has appeared on this blog for a breach.  See this report from 2011, this one from 2013.

Category: ExposureHealth DataPaperU.S.