Michigan hospital alerts 2,400 patients of human error data breach

Mackenzie Garrity - Print  | 

Byron Center, Mich.-based Mercy Health Physician Partners Southwest began notifying 2,487 patients Feb. 10 that their information may have been exposed in a mailing error.

On Dec. 12, 2019, a third-party vendor of Mercy Health incorrectly mailed patients letters about a physician's departure. Patients received letters from the practice with the wrong name on the envelope.

Mercy Health had given its vendor a list of 3,164 patients with their names and addresses to mail the letters to. However, a human error corrupted the list, resulting in patients being mismatched with the incorrect addresses. The vendor sent the letter to 2,487 patients.

After an investigation into the incident, Mercy Health also learned that it did not have a HIPAA business associate agreement in place with the mailing vendor. An agreement is now in place.

No financial, insurance, clinical or other sensitive information was disclosed. Mercy Health said there is no evidence that the patient information has been misused.

More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.