Dawn Brooks reported this earlier this month:
Memorial Hermann Wednesday announced an incident involving the disclosure of protected health information to select primary care physicians.
The company said the information disclosed was limited to the member’s demographic information, that no medical information was disclosed.
A Memorial Hermann employee on May 16 reported potential improper use of her PHI to the Memorial Hermann Privacy Office after the employee received a letter from a PCP she had no prior relationship with regarding the need for an annual physical.
Memorial Hermann said it was determined the PCP received the employee’s PHI from MHMD, the Memorial Hermann Physician Network. MHMD received the information from Memorial Hermann Health Solutions.
Memorial Hermann said based on a comprehensive investigation, enrollment files were delivered to a PCP assigned by Health Solutions to 12,061 individual employee group health plan (EGHP) members.
So were enrollment files supposed to be delivered to the PCP but these were the wrong files? Does a PCP normally have 12,000 members assigned to them? Something is confusing me here: why wasn’t the PCP curious or suspicious about receiving these files?
The demographic information disclosed included members’ IDs, full names, phone numbers, date of birth and last known mailing addresses.
Read more on Click2Houston.