Madison Parish Hospital Service District reported that 1,436 patients were impacted by an incident reported to HHS as Unauthorized Access/Disclosure of PHI located on “Desktop Computer, Email.” A notice on their web site provides some addition information:
NOTICE OF PRIVACY BREACH
We take patient privacy very seriously, and it is important to us that you are made fully aware of a potential privacy issue. On February 20, 2018, it was discovered that an employee of the Hospital accessed a list of patient identifiable information of the hospital or its clinic and then apparently sent that list to a third party. We believe the third party received the list confidentially and has not redisclosed the information.
We are keenly aware of how important your personal information is to you. We sincerely apologize and regret that this situation has occurred. Madison Parish Hospital is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.
If you have any questions, please contact Chasity Whitaker, Privacy Officer, at 318-651-5601.
While I admire the straightforward language of the notice, it is missing some important details. And did they really discover the breach in February, 2018, or did they mean February, 2019? And was the third party who allegedly received the list a HIPAA-covered entity?
DataBreaches.net sent an email inquiry to the hospital. This post may be updated when a reply is received.