Cook County (Ill.) Health began notifying 2,713 patients Jan. 24 that their personal information may have been sent to a third-party vendor who did not have a business agreement with the health system at the time.
In November, the health system sent a limited amount of information about patients who were part of the #keepingitLITE study to a third party who was instructed to mail patients study materials. The information sent to the third party included names, addresses and emails.
Cook County Health said that no health or other information such as dates of birth, Social Security numbers or health information was shared with the third party. The health system also said there is no evidence that patient information has been misused.
In an email to Becker's Hospital Review, a Cook County Health spokesperson said that the health system now has a business associate agreement in place with the third-party vendor.
"Cook County Health takes privacy and security of our patients' personal information very seriously and regrets that this incident happened. We have taken corrective action to continue to ensure the privacy and security of our patients," the health system said in a statement.