Community Mercy Health Partners Informs Patients of November Data Infringement

During late November, a member of the public found many documents at a recycling center which seemed to have come from hospitals administrated by Community Mercy Health Partners.

The documents included complete info concerning patients who had gotten medical services between 2005 and 2013. The info in the documents contained patients’ names, physicians’ names, health insurance details, medical diagnoses, types of study they were involved in, accession numbers, guarantor information, as well as Social Security numbers, driver’s license details, and some clinical info.

LeRoy Clouser found the files in a lot of dumpsters and notified the Springfield Police. Community Mercy Health Partners was consequently directed by law enforcement officers concerning the discarded records and dispatched staff to recover the documents. The issue was informed in the media at the time, though it has taken some time for an inquiry to be carried out and for all patients to be known. That inquiry is now finished and patients began being informed of the data infringement on January 25.

The inquiry disclosed that the records connected to patients who had gotten medication at Springfield Regional Medical Center as well as Mercy Memorial Hospital. The records didn’t come straight from either, however, had been wrongly disposed of by a HIPAA Business Partner of Community Mercy Health Partners on the day of November 25, 2015. All of the documents are assumed to have been regained from the dumpsters and are now safe.

But, it’s impossible to decide whether any of the records were taken out by members of the public or had been seen by unauthorized people. Patients have therefore been notified to examine their health insurance Explanation of Benefits accounts carefully for any doubtful entries.

To avoid future privacy infringements like this from happening in the time ahead, Community Mercy Health Partners has “re-educated our facilities administration service providers on the needs for physical storage repositioning tasks.”

Further steps have also been taken to avoid future infringements, like carrying out a re-inventory of document storing places and making sure paper records are only preserved when absolutely necessary, like when electronic data isn’t accessible.

At the moment of writing it’s still not clear how many patients were affected by the infringement. The initial infringement report showed “thousands” of records had been wrongly discarded. It will not be identified how many people have been affected until the infringement report emerges in the Office for Civil Rights infringement portal.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.