University of Tennessee Medical Center alerts patients about possible security incident

Close to 8,000 patients at UT Medical Center will recieve letters notifying them of a privacy incident concerning their patient information.

An e-mail sent to the staff of the hospital on Friday explains that an administrative report was thrown in the trash instead of shredded like the hospital policy. While there was no information on the outside of the report, there was patient information including their name and a social security number inside of the report. Once the staff realized the error, they found and disposed of the documents correctly.

Read more on WBIR.

Bill Brenner of Knoxville News also covers the incident:

According to Gary Thomas, Health Insurance Portability and Accountability Act Privacy Officer for UT Medical Center, the hospital became aware Oct. 4 that records were disposed of without being shredded.

In his letter to affected patients, Thomas explained that a daily administrative report was automatically printed to a secure location inside the hospital. Once printed, a hospital employee placed the report in a storage location within the department for later access.

“Based upon departmental policy, the report was maintained for 45 days. The oldest report was discarded each day as a current report was added. Rather than being shredded per Hospital policy, the report was discarded in the Hospital’s waste stream,” Thomas stated in the letter. “There was no sensitive, personal or identifying information in view on the outside of the report; however, within the report was certain patient-related information, including the patient’s name and social security number.”

Read more on Knoxville News.

About the author: Dissent

Comments are closed.