The press release below from Mercy Health/Love County Hospital is described as a supplement to an incident that they – and we – first reported in July. In September, the entity notified HHS that they had notified 13,004 patients, a notification that they reference below as a precautionary measure. I’m not sure why they needed yet another press release about this incident unless they had failed to notify everyone as required by HITECH and wanted to ensure that they reached everyone with mitigation offer, etc.
Dec. 5 – Mercy Health/Love County Hospital and Clinic (Love County Hospital) discovered a theft of medical records which may have affected patients receiving services from this facility. Protecting privacy and security of patient health information is very important to Love County Hospital. This news release is being issued to supplement a notice about this incident previously issued in Love County, Oklahoma.
On June 23, 2017, Love County Hospital learned that ten medical records were stolen from one of its storage units. The medical records contained medical information, names, addresses, dates of births, social security numbers and driver’s license numbers. The ten records were stolen by a former employee and used to obtain fraudulent credit cards. The matter has been investigated by multiple law enforcement agencies and Love County Hospital has been cooperating with their investigation. Upon discovering the incident, Love County Hospital took the steps necessary to address the matter, including immediate measures to enhance security of the storage units and to prevent similar incidents from happening in the future.
While only ten medical records appeared to be stolen, all individuals whose medical records were in the storage units were notified of this incident and resources were made available to assist them with protecting their information. As a precaution, affected individuals should carefully monitor their credit reports for any unauthorized activity in the upcoming months. To help protect from any potential negative consequences from this incident, all affected individuals are offered credit monitoring and identity protection services free of charge for 12 months through AllClear ID.
Love County Hospital has established a dedicated call center to answer any questions about the incident. If you have any questions or would like to learn additional information, please call 1-855-742-6046. The call center is available to answer questions Monday through Saturday, between 8:00 a.m. and 8:00 p.m. Central Time. You may also submit any questions about this incident by mail directed to: Privacy Officer, Mercy, 14528 South Outer Forty Drive, Suite 100, Office 1036, Chesterfield, MO 63017.
SOURCE: Mercy Health