Here’s a situation in which there’s clearly been a privacy breach, but the privacy issues may actually be the least of the patients’ problems.
Heather Graf reports that a former patient at the Carol Milgard Breast Center has filed a complaint after discovering three other patients’ records were mixed in with her own, raising questions of the potential for medical/treatment mistakes as well as privacy and confidentiality issues. Out of 900 pages in the patient’s medical records, 141 pages belonged to other patients.
During a deposition of the clinical supervisor of the Carol Milgard Breast Center, Tsuru’s attorneys say the clinical supervisor admitted to the error.
When asked if they’d ever had troubles or issues in regards to the electronic records, the clinical supervisor had this response:
“When they did our conversion from Zotec to the RIS, they changed the way they were doing the medical record numbers. And so it caused a migration issue for when the new system was brought up, sometimes patients’ records, especially scanned documents, ended up in the wrong place.”
Deutscher says the mistake dates back to September of 2012, and could potentially impact every patient ever treated at the facility. She also says the staff there has made no attempt to fix the problem.
Read more on KING5. Although the story keeps the local color by talking about what the state might do, I’m pondering what HHS might do. If there are less than 500 patients involved, we won’t see this one on the breach tool, and I suspect their investigation will not be completed in 6 months or less like the state’s, but this is a good one to follow. And I wonder how many entities have had similar breaches due to glitches during conversion or digitizing of records. Now that you think about it, aren’t you surprised that we haven’t seen more media stories about this type of problem?
h/t, HealthITSecurity.com