PHI Potentially Compromised Due to Breaches at 3 Healthcare Organizations

Mailing Error at Kaiser Permanente

Kaiser Permanente found out that they accidentally mailed letters to patients’ past addresses. Kaiser Permanente had started a project to enhance mailing addresses for communication with members in Southern California. On November 1, 2019, the error that prompted the sending of the letters to wrong addresses was discovered. According to the investigation findings, the error started on October 6, 2019 and the wrong addresses were fixed on December 20, 2019.

The mailings that were sent in error included surveys, referral letters, appointment reminders, care reminders, and Explanation of Benefits statements. The information contained those letters included demographic data, medications information, diagnoses, billing data, and medical insurance data. There was no financial data or Social Security numbers exposed.

Kaiser Permanente has given more training to the employees to avoid more errors later on. Letters were resent to the appropriate addresses. About 500 patients were affected by this mailing error according to the HHS’ Office for Civil Rights (OCR) breach portal.

Breach Due to the Error of Riverview Health’s Mailing Vendor

The mailing vendor of Riverview Health based in Noblesville, IN made a printing error, which caused a breach of the names of 2,610 patients.

The mailing vendor was directed to mail patient notification letters about the plan to switch to two primary care providers. However, the error caused the sending of the letters to the wrong recipients on January 6, 2020. Riverview discovered the mailing vendor error on January 14, 2020.

The recipients of the letters were identified as patients of either of the two primary care providers of Riverview Health. No other data was exposed.

Riverview Health has taken steps to avoid identical errors from happening later on, such as the inclusion of more review methods before mailing notification letters to patients.

Abandoned Mental Health Records in Chicago Street

Physical health records originating from the Community Mental Health Council were found abandoned in a street in West Englewood, Chicago. The Community Mental Health Council closed down its clinics for good after losing its funding in 2012.

The sensitive data of hundreds of past patients were exposed. The information contained in the records included names, addresses, diagnosis data, health records, Social Security numbers, and other sensitive data. A local resident saw the physical records scattered all over an alley from Hermitage Avenue when she brought out her garbage. City officials were informed and already collected and secured the records. They are currently trying to find out who was at fault for throwing the documents.