SSM Health hospital finds documents containing 301K patients' information in former facility

SSM Health St. Mary's Hospital-Jefferson City (Mo.) is notifying 301,000 patients after documents containing patient information were discovered at a former hospital campus that is slated for demolition.  

The documents included administrative and operational support information for various departments and were restricted to limited demographic, financial and clinical data, such as patients' names and medical record numbers.

The hospital said all formal medical records had been "safely and securely transferred" before staff moved to its new facility in November 2014.

An investigation into the incident, which the hospital learned of June 1, determined the safeguards the hospital had in place to protect the empty facility were not adequate to secure patient information. According to an SSM Health news release, "given the age and type of information recovered, the hospital does not yet have a reliable estimate of the number of individuals impacted." It reported an estimate of 301,000 patients to HHS' Office for Civil Rights.

SSM Health does not believe the incident presents a risk to patients, but it is working to identify and notify every patient whose information had been recovered. It is also reviewing and revising its policies for health record storage, retention and destruction.

An SSM Health spokesperson pointed to the hospital's news release on the incident when Becker's Hospital Review reached out for additional comment.

More articles on cybersecurity:

Vanderbilt warns hospital staff about recent phishing attempts
5 privacy concerns for Amazon's healthcare efforts
UnityPoint Health could be sued for data breach affecting 1.4M

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers