NYU Langone Health notified patients the week of January 4, 2022, about a potential privacy incident resulting in misdirected, limited patient information. The incident occurred on or about November 12, 2021, when a communication was sent via U.S. mail to inform patients of a planned relocation of an NYU Langone Health oncology surgeon originally based in Lake Success, New York.
Upon investigation, it was discovered that the third-party vendor NYU Langone used to complete this mailing reformatted the address list, which resulted in a misalignment of patient names and addresses on the envelope. As a result, individual patient communications were sent to incorrect addresses. Importantly, the communication itself was a generic “Dear Patient” letter and did not include any patient information pertaining to the intended recipient. Additionally, no other personal or health information, such as treatment information or social security number, was included.
NYU Langone is currently mailing letters to alert those affected by this incident and has established a dedicated toll-free call center at 800-939-4170, to answer any questions patients may have with representatives available Monday through Friday from 9:00AM to 9:00PM Eastern Standard Time.
Following this incident, NYU Langone requested and received assurances from the vendor that they have reviewed their practices and will implement any necessary changes to protect from similar misdirected mailings of patient information in the future. NYU Langone will also continue to review its own internal processes and procedures to help prevent such incident as this from happening again.
Source: NYU Langone Health
The incident was reported to HHS on January 6 as involving 1,123 patients.