On March 22, MyHighPlains.com reported that Texas Tech University Health Sciences Center (TTUHSC) had experienced a breach that resulted in 700 patients’ billing statements being sent to the wrong addresses. The breach was also disclosed that day on TTUHSC’s web site and in a press release identical to the statement posted on their web site.
In response to a request I sent them, TTUHSC kindly sent a copy of their notification letter to patients of March 12, which I’ve uploaded here (.docx). The letter reads, in relevant part:
On February 20, 2013, Texas Tech University Health Sciences Center (TTUHSC) became aware of a technical error that occurred while processing billing statements for TTUHSC patients. The error, which occurred on February 18, 2013, caused patient billing statements to be linked to incorrect patient addresses. This may have resulted in your statement going to the wrong address. The information contained in each of the billing statements included:
- Account number
- Invoice number
- Date service at TTUHSC
- Charge amount
- Department & Provider Name
- Adjustment amount
- Payments from insurance company(s)
- Amount Due
- Total Account Balance
You may have received a statement belonging to another individual. To ensure that all patient information is maintained confidential, please return the statement to TTUHSC or destroy the copy.
We have not received any indication that the information contained in these statements has been accessed or used by an unauthorized individual. However, we do recommend you call the toll-free numbers for any of the three major credit bureaus to make sure there has not been any type of unusual activity. In addition you can ask to have a Fraud Alert put on your credit file.
We take very seriously our role of safeguarding your personal information. TTUHSC apologizes for the inconvenience this situation may have caused you. Please be assured that additional safeguards have been put into place.
Should you have any questions, do not hesitate to call our toll-free number at (877) 272-0570.
Very nicely written letter, in my opinion. I’m not sure why/whether patients would need to contact credit bureaus given the types of information involved, but all in all, a quickly detected breach with a clearly written notification letter probably goes a long way towards diffusing any anger or frustration patients might feel.