Community Mercy Health Partners Privacy Breach Affects 94,000

Date: 
Tue, 09/19/2017

Community Mercy Health Partners Privacy Breach Affects 94,000

Springfield, OH Community Mercy Health Partners Springfield Regional Medical Center has been forced to notify 94,000 patients whose Protected Health Information had been discovered in a public dumpster.  The documents were found in a public dumpster located in Clark County, OH.  Most of the documents were dated from 2005 and 2006 and had come from a since closed facility called Community Hospital in Springfield.  Some of the documentation included patients' names, physicians' names, types of studies, guaranto information, health insurance information, diagnoses, social security numbers and driver's licenses numbers.

As required by HIPAA (Health Insurance Portability and Accountability Act), Community Mercy Health Partners filed a data breach report with the U.S. Department of Health and Human Services Office of Civil Rights in addition to  publishing a public notice about the breach.  It is belived that the number of individuals affected is lower beacuse many of the records discoverd belonged to the same person.  A call center was then established to field calls from those recipients of the letter to answer any questions about the breach and their potential exposure.

This was breach was the largest Ohio has seen since it began tracking events such as these since 2009.  I was also the third largest improper paper disposal case in the country.  As a result the hospital has since deployed an education program for all its employees regarding the proper method for handling and disposing of confidential documentation.