From Florida Hospital’s web site:
As a valued patient, your health, safety and privacy are top concerns at Florida Hospital.
Regrettably, this notice concerns an incident that may have exposed patients’ personal information to people outside our organization. We take this matter very seriously, and are offering affected patients identity theft protection and credit monitoring services for their protection.
On May 2, 2014, we were notified that Florida Hospital facesheets (a summary cover sheet to a patient’s medical record) were discovered in the course of an investigation being conducted by law enforcement. While working with law enforcement, we determined two Florida Hospital employees printed patient facesheets outside of their normal job duties, which may have contained patents’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses. We believe this incident occurred from January 2012 to May 2014, based on information provided to us by law enforcement. Because giving you notice could have impeded law enforcement’s investigation, at their instruction, we were under a “law enforcement hold” and unable to notify you until now. Following the discovery of this incident, we terminated the employees.
We also recommend that affected patients regularly review their explanation of benefits statement that they receive from their health insurer. If you identify services on your explanation of benefits that you did not receive, please immediately contact your insurer.
We have no evidence that the information has been misused, but in an abundance of caution we began sending letters to affected patients on March 20, 2015, and have established a dedicated call center to answer questions patients may have. If you believe you are affected but do not receive a letter by April 16, 2015, please call 1-877-309-9838 , Monday through Friday from 9:00 a.m. to 6:00 p.m. Eastern Time.
We deeply apologize for the inconvenience this may cause our patients. Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.
The Orlando Sentinel reports that 9,000 patients were affected or notified.
This is not Florida Hospital’s first insider breach. Other incidents were previously reported on PHIprivacy.net.