SHAKER HEIGHTS, Ohio — University Hospitals has revealed details behind a situation involving the unauthorized disclosure of patient information.
The issue took place in late February when an employee had distributed an e-mail to a group of patients regarding a new billing policy.
UH officials sent the following statement to Channel 3:
University Hospitals Rainbow Babies & Children’s Hospital said today that an employee sent an email message to a select group of patients or their parents/guardians containing personally identifiable information. When the message was sent, all email recipients had their email address placed in the “to” field which allowed recipients to read the email addresses of all other recipients. The email contained information related to a new departmental billing policy. While the email message itself did not contain any specific health information about any patient, the nature of the message implied all recipients receiving the message shared the same medical condition. UH has mailed letters to notify each individual who may have been affected.
The incident occurred on February 28, 2019 and UH launched an internal investigation that same day when it learned what occurred.
The employee’s unauthorized disclosure of patient information violated UH policies and procedures. UH is not aware of any identity theft or harm to patients caused by the employee’s unauthorized disclosure of patient information, but UH is notifying appropriate individuals of this incident out of an abundance of caution.
The information that was disclosed includes email address and health information related to medical condition.
UH has taken the following steps to correct the situation and prevent similar occurrences in the future:
- Educated the employee regarding proper procedure when communicating with patients electronically.
- Notified appropriate regulatory bodies.
- Notified all individuals whose information was part of the incident.
- Provided education regarding patient privacy and HIPAA.
In addition UH will be providing additional training and tools to staff related to communicating information electronically with patients.
UH takes the protection of patient health information very seriously. UH continually evaluates and strengthens its health information practices to enhance the security and privacy of its patients' information, including the ongoing training, education and counseling of its workforce regarding patient privacy matters.
A direct USPS letter communication from UH has been sent to all individuals who may have been affected. For further questions regarding this incident, please call UH’s Privacy Officer at 216-286-6362, Monday – Friday between 8:30 a.m. and 4:30 p.m.