An incident recently added to HHS’s public breach tool involves NYU Urology Associates. According to the log entry, 835 patients were affected by a breach that occurred on February 19, 2014. I was able to locate a statement on NYU’s website about the incident:
NYU LANGONE MEDICAL CENTER NOTIFIES PATIENTS OF DATA BREACH
October 10, 2014 – NYU Langone Medical Center notified patients today that a CD containing protected health information (PHI) was unintentionally sent to an NYU Langone patient in March 2014. The Medical Center was made aware of this incident on August 14, 2014, and has since been in contact with the recipient to secure the CD. At this time there is no indication that the information on the CD has been misused or further disclosed in any way. Additionally, patient financial information and social security numbers were not included and therefore are not at risk.
This incident occurred when the Medical Center’s processes to provide an individual his requested patient records were not followed, causing the PHI of others to mistakenly be copied onto a CD. Because the CD contained PHI of over 500 patients, NYU Langone notified the U.S. Department of Health and Human Services Office for Civil Rights.
The information included patient name, age, chart number, provider name, and clinical information related to a visit at Urology Associates in the early 2000s.
Individuals affected can protect themselves by always reviewing insurance claims forms and by being alert to anyone attempting to sell them medical products. A dedicated AllClear ID team phone line and call center team has been set up to answer questions of those concerned that they may have been impacted. The center can be reached at 866-979-2597 (toll free) Monday – Saturday 9 a.m. to 9 p.m. EST.
NYU Langone takes the protection of health information very seriously and is taking steps to prevent a similar occurrence. Department staff is being retrained regarding the importance of safeguarding health information and a Medical Center-wide communication on the proper ways to protect sensitive information will be distributed.