Byron Center, Mich.-based Mercy Health Physician Partners Southwest began notifying 2,487 patients Feb. 10 that their information may have been exposed in a mailing error.
On Dec. 12, 2019, a third-party vendor of Mercy Health incorrectly mailed patients letters about a physician's departure. Patients received letters from the practice with the wrong name on the envelope.
Mercy Health had given its vendor a list of 3,164 patients with their names and addresses to mail the letters to. However, a human error corrupted the list, resulting in patients being mismatched with the incorrect addresses. The vendor sent the letter to 2,487 patients.
After an investigation into the incident, Mercy Health also learned that it did not have a HIPAA business associate agreement in place with the mailing vendor. An agreement is now in place.
No financial, insurance, clinical or other sensitive information was disclosed. Mercy Health said there is no evidence that the patient information has been misused.