Associated Press reports that more than 15,000 X-rays of Henry Ford Health System patients were stolen from a warehouse in May. Read more here.
The health system posted a substitute notice on July 16:
Henry Ford Health System is notifying patients about their health information after old X-ray films were stolen from a storage warehouse before the films could be destroyed. The information belonged to 15,417 patients.
The health information was related to X-rays these patients received between 1996 and 2003 and may have included the following: Their name, medical record number, age or date of birth, gender, building location where the X-ray was taken and the X-ray image itself. Their Social Security number, health insurance number, mailing address, telephone number or other personal identifying information that could be used for identity theft or fraud never appeared on the X-ray films.
The theft occurred on May 24, 2013 from a storage warehouse owned and operated separately from Henry Ford. As of this date, the X-ray films have not been recovered. A warehouse employee was arrested in connection with the theft, and police continue their investigation into other people believed to have been involved.
After learning of the theft on May 24, 2013 an investigation began to determine the affected patients, type of health information exposed and how the theft occurred.
This incident was solely isolated to the warehouse, did not involve any Henry Ford employees, and did not involve any other secured patient information kept by our health system.
To assist patients with their questions, Henry Ford set up a toll-free hotline for patients to call from 9 a.m. – 9 p.m. Monday through Friday. The number is 1.877.819.9692.
A list of FAQ can be found here.
This appears to be the fourth breach the health system has disclosed that I’ve reported on this blog since 2010. In 2010, they revealed that a laptop stolen from an unlocked medical office contained PHI on 3,700 patients. In 2011, an employee lost a flash drive with PHI on 2,777 patients, and the health system also reported that a computer stolen from their corporate headquarters contained PHI on 520 patients.