From Northfield Hospital & Clinics web site on November 21:
Patients to be notified of breach of patient information
Northfield Hospital & Clinics is in the process of directly notifying 1,778 patients about a recent breach in the handling of protected patient information.
The notification stems from an incident over a period of eight days in late October when documents containing protected health information were comingled in error with other refuse and placed in commercial dumpsters for disposal. The unsecured documents may have included patient names, account numbers, birth dates, home addresses, types of treatment, insurance information, medical information, and, in a few cases, credit card information.
Hospital officials say they are confident the documents went directly to a secured landfill. But out of an abundance of caution, patients are being notified and offered assistance in monitoring their financial accounts.
“We sincerely apologize to our patients for the breach,” said Steve Underdahl, President and CEO of Northfield Hospital & Clinics. “We are committed to being good stewards of protected patient information and honoring our promise of confidentiality. We very much regret that this incident occurred. We are learning from it and are emerging with more secure protocols.”
Patients involved will receive a letter offering them resources to guard against identity theft. An 800 number will be established for people to call with questions and for help in minimizing their exposure. The number will be published next week on the Northfield Hospital & Clinics website. Northfield Hospital & Clinics is also offering free credit monitoring for a period of twelve months.
As a result of the breach Northfield Hospital & Clinics, steps are underway to further improve the security of operations and eliminate future risk. For instance, desk-side recycling containers have been removed in favor of more secure, centralized confidential waste containers. Staff is being educated on best practices for the handling confidential waste and cleaning personnel will be supervised until further notice.
Underdahl said a very small subset of patients is affected by this breach, but he said an incident like this is always taken seriously.
“We are confident that our patients’ exposure is minimal,” he said. “But we always want to error on the side of caution and do what we can to mitigate the impact of the incident.”
Northfield Hospital & Clinics is an independent, city-owned healthcare organization providing hospital and clinic services to residents of Northfield, Lonsdale, Elko New Market, Lakeville and Farmington.
On November 25, they posted:
Contact number announced for those with breach questions
Patients who have concerns or questions regarding Northfield Hospital & Clinics recent breach in the handling of private patient health information can call 1-877-615-3768 for assistance. Staff will be available to help you take steps to minimize your exposure to identity theft.
Hospital officials are confident that no patient information fell into the hands of outside agents. The paper documents were comingled with other refuse in error. Instead of being shredded, they were sent to a secure landfill.
The hospital is required to report the incident and take remedial action because it potentially affects more than 500 patients. Patients who are potentially affected will be notified by mail yet this week.