Dominican Hospital, part of Dignity Health, is notifying patients whose protected health information was securely, but erroneously, transmitted to an incorrect health plan on July 16. The error was detected on July 28.
According to a copy of the notification letters dated August 18, some patients were notified that the information included their name, account number, admission date, length of stay, total charges, unit they were seen in, room number they were seen in, and insurance carrier name. Other patients were notified that the transmission erroneously included a screenshot of a patient list from their EHR system. That screenshot contained patients’ name, age (including date of birth), gender, medical record number, account number, admission date, length of stay, attending physician, primary care physician, unit the patient was seen in, room number the patient was seen in, and reason for the visit. No Social Security numbers or financial account information was involved.
The health plan that received the transmission has been cooperating with the hospital and is expected to provide an attestation that the errant data was destroyed.
In order to prevent a recurrence, Dominican Hospital is continuing to educate staff and is taking disciplinary action, as appropriate.
The number of patients affected was not disclosed in the notification and the incident is not up on HHS’s public breach tool, although if there are more than 500 patients affected, we should see it at some point.