So it appears that University of Arkansas for Medical Sciences had a breach back in January, but only this week (based on the notice’s metadata) posted something on their site about it:
UAMS has been unable to notify approximately 15 patients regarding an incident that may have involved disclosure of their personal information.
What happened?
Around January 6, 2016, UAMS became aware that a box containing medical records of some patients who received services and treatment at UAMS Child Study Center was missing. In retrieving a patient’s medical record from storage, it was discovered that the records of 42 patients were missing. UAMS and the medical records storage facility immediately began a search to locate the records. It was determined that the storage facility delivered the box to the Child Study Center on December 1, 2011, but, despite a diligent search, the records could not be found at either the storage facility or the Child Study Center. These records may have included such information as the patient’s name, social security number, date of birth, address, parents’ names, copies of parents’ driver’s licenses, the name of the insurance policy, insurance identification number, and insurance policy number, medical condition, diagnosis, lab results, medications and other treatment information.
UAMS notified in writing the patients who were affected by this incident. However, we were unable to notify approximately 15 patients because we did not have current contact information for them or current contact information for any next of kin.
Please be assured that no credit card, debit card, or bank account numbers were included in this information. We are also not aware that any of the information was misused.
What is being done in response to this?
UAMS takes the privacy and security of our patients’ protected health information very seriously, and we are here to assist you. It is our job, in conjunction with the UAMS HIP AA Office and other UAMS staff, to investigate all incidents involving possible breaches of protected health information and to take steps necessary to minimize losses and prevent future breaches. UAMS has policies and procedures in place to ensure patients’ medical records are appropriately maintained and stored and UAMS workforce members are trained on these policies and procedures. UAMS has an agreement in place with the medical records storage facility that requires the facility to protect and maintain the privacy and security of the records stored there. In addition to notifying patients who were affected by the incident, we confirmed that no other medical records that UAMS maintains at the storage facility are missing.
I am worried about identity theft. Does this incident put me at risk?
Please be assured that no credit card, debit card, or bank account numbers were included in this information. We are also not aware that any of the information was misused.
To help minimize the chance that any of your personal information could be used inappropriately, you may want to consider taking the following precautions:
Monitor and review bills from health care providers and correspondence you receive from health insurance companies (such as explanation of benefits) to ensure they list services and treatment you received.
- Monitor and review financial account information and credit card statements for unauthorized activity and immediately notify the appropriate company of any unauthorized activity.
- Register for a free fraud alert with the three credit bureaus listed here:
- Equifax: 1-800-685-1111; www.equifax.com; P .O. Box 740241, Atlanta, GA 30374-0241
- Experian: 1-888-EXPERIAN (397-3742); www.experian.com
- TransUnion:1-800-680-7289; www.transunion.com;P.O.Box2000,Chester,PA19022-2000.
We are posting information about this incident on the UAMS website so that you may take any steps you feel are necessary to protect your personal information. If you have concerns that you may have been one of these patients who we were unable to notify in writing, please call the UAMS HIPAA Office. The toll free number is 1-888-729-2755. We are sorry that this happened and for any inconvenience it may cause you.