MidMichigan Medical Center (MMC) in Alpena has made contact with patients to advise them of a possible breach of their health information, which may have literally benn blown into the hands of people unauthorized to view the information.
Late on November 18, a MMC cardiologist moved patient files from the Alpena cardiology office without adequate authorization. The files were placed to the cardiologist’s vehicle in a storage container which was not been properly secured.
Not far from to a parking lot near 12th Avenue/Chisholm Street, the container fell to the ground, spilling the contents inside on the ground. The wind started blowing documents round the street.
Some of the documents were gathered up by members of the public, who told the hospital that documents containing sensitive patient information was all around the street. The hospital let law enforcement know so that they could provide assistance in collecting the paperwork.
Dr. Richard Bates, vice president of medical affairs at MMC published a statement saying all of the paperwork is now though to have been gathered, so the risk to patients is thought to be minimal. However, since it cannot be confirmed that all documents has been recovered, patients have been made aware of the possible breach of their PHI.
The rationale for the cardiologist, Dr. Christopher Walls removing the records from the office is not known. However, moving documents containing patient information is a violation of hospital procedures, and Dr. Walls is no longer employed at MMC due to this breach.
Around 1,900 patients have been notified of the potential HIPAA breach, which may have included names along with addresses, Social Security numbers, and clinical history. As a precautionary move, affected patients have been offered 12 months’ complimentary identity theft protection services.
Bates remarked: “We take matters related to the security of our patients’ personal information very seriously because it is our responsibility to protect their privacy. We have rigorous processes and procedures in place to detect breaches and to protect patients’ rights,”