Minneapolis-based Children's Minnesota recently notified 37,942 patients about a system error that may have exposed their protected health information.
In August, Children's Minnesota discovered that internal calendars for some of its staff were misconfigured, allowing the calendars to be viewed and accessed by unauthorized people. Upon further investigation, officials learned that this error dated back to December 2011.
The calendar entries showed patient appointments, which included limited demographic and clinical information. Patient data that may have been exposed included names, medical record account numbers, insurance account numbers, dates of birth, appointment times and locations, dates of service, names or abbreviations of procedures, names and healthcare providers and insurance carriers.
Children's Minnesota said there is no evidence that patient information has been misused.