Patient and personal info exposed when package sent by courier damaged in transit
Northridge Hospital Medical Center in California notified the U.S. Dept. of Health & Human services that 837 patients were affected by a breach that occurred on October 16 involving paper records. A notice on their home page says, “Northridge Hospital Medical Center has experienced a security incident involving Medicare and Medi-Cal patient information. If you were a patient at our Hospital between September 2004 and June 2006, please visit our Security Alert Page for details.” That notice says, in part:
On October 18, 2010, Northridge Hospital Medical Center discovered that a package sent thru a national courier containing information for 716 Medicare and Medi-Cal patients was damaged in transit, potentially exposing patient information to courier employees. We have no reason to believe that the information left the confines of the courier’s facilities.
Northridge Hospital has sent letters offering credit monitoring services to all Medicare and Medi-Cal patients whose personal/sensitive information may have been exposed. If you were a patient between September 2004 and June 2006 and have not received a letter or have questions, please contact 1-877-906-1590.
The documents may have contained patient names, addresses, phone numbers, social security numbers, guarantor social security number, date of birth, date of death, medical record number, admission and discharge dates, discharge summary, physician, procedure, notes for pregnancy-related emergency, admission, financial account number, provider number, insurance ID, Medicare or Medi-Cal charges billed and paid, hospital room and board charges, Medi-Cal ID number, California Children’s Services Authorization, and Medi-Cal Treatment Authorization.
It’s not clear why the number reported in the notice is discrepant from the one reported to HHS.