Notice of Data Breach
From Hawaii Pacific Health
On January 17, 2020, Hawaii Pacific Health (HPH) learned that the personal information of its patients may have been inappropriately accessed by a Straub Medical Center employee. We identified that the employee accessed patient records between November 2014 and January 2020 and some instances of access may not have been for a valid reason. The employee involved in this matter is no longer employed by Straub. This notice is on behalf of Straub Medical Center, Kapiolani Medical Center for Women & Children, Pali Momi Medical Center and Wilcox Medical Center.
The patient information that may have been accessed include: patient demographic information (including first and last name, address, phone number, email address, date of birth, religion, race/ethnicity, and social security number), medical record number, primary care provider, past or current dates of service, appointment type and related notes, hospital account number, department name, provider name, guarantor (the person responsible for payment) name and account number, and health plan name.
The trust our patients have in us to provide for their health care needs is very important to us, and that includes safeguarding their personal information. Therefore, we want to ensure that our patients, community and regulators are made fully aware of this issue.
In response to this incident, HPH is reviewing its internal procedures and staff training to make any necessary adjustments. We are also looking at new technologies that will improve our ability to more quickly detect patterns of access that may indicate an employee is viewing health information inappropriately.
On March 17, 2020, we mailed letters to all affected individuals. While we believe that the ex-employee was likely accessing the information out of curiosity, rather than for the purposes of identity theft, HPH is including an offer of one year of free credit monitoring and identity restoration services. If you have not received a letter regarding this breach, but would like to confirm whether your information was potentially affected, you may call the toll-free phone number below.
A dedicated, toll-free call center is available for questions and concerns:
(833) 570-0382
6am – 6pm PST
Monday – Friday (excluding national holidays)
* * * * *
THE QUEEN'S HEALTH SYSTEMS NOTIFIES PATIENTS OF POTENTIAL RELEASE OF PERSONAL HEALTH INFORMATION
From Queens.org, 02.21.2020
HONOLULU–The Queen’s Health Systems is notifying approximately 2,900 patients from The Queen’s Medical Center and Queen’s North Hawaii Community Hospital that some of their personal health information may have been inadvertently exposed when an email containing the information was sent to the wrong address. Letters to the affected patients were mailed on February 20.
Importantly, Social Security numbers and financial account information were not included in the email and patients should be assured that their financial security is not at risk.
“We take the privacy and confidentiality of our patients’ information very seriously and deeply regret the concern and inconvenience this situation may cause,” said Harold Moscho, Vice President of Information Technology and Chief Information Officer. “There is no indication that the information has been or will be misused. Maintaining our patients’ trust is our utmost priority and thus, we believe proactively making them aware of this situation is essential. Upon learning of the incident, we moved as quickly as possible to confirm the facts and then to set up the call center and distribute the letters to the affected individuals.”
The incident occurred February 3 when an employee inadvertently sent an email to the wrong address. The email included an attachment that contained information on 2,852 patients who had been seen since June 1, 2019. The information involved includes patient name, patient account number, health plan ID, admission date, discharge date and other limited information related to the patients’ care. In approximately 300 cases, the information also included patient diagnoses. The error was discovered the next day and steps were immediately taken to contact the recipient and recall the message. To date, our efforts to contact the individual or recall the email have been unsuccessful.
The Queen’s Health Systems recommends that affected patients carefully review the statements they receive from their insurers and health care providers. If any services that were not provided to them are listed, they should contact the insurer or provider immediately.
A hotline has been established for affected patients who have questions. Patients can call 1-844- 904- 0956, Monday through Friday between 8:00 am and 5:30 pm, HST.
“While Queen’s has long had safeguards in place to protect patient information, we have taken additional steps to prevent this from occurring in the future. Queen’s is committed to being best- in- class when it comes to information security and our commitment to providing superior healthcare includes ensuring the security and confidentiality of our patients’ information,” Moscho said.
Editor’s Note: Data published by Modern HealthCare provide perspective on the scale and scope of information breaches in the healthcare industry. 300,000 people were affected in December 2019, alone. The top 20 incidents in 2019 ranged from 11 million to 277,000 individuals affected (chart in Feb. 10 print edition).
* * * * *
HHS: Breach Reports (by state)
BHR: Hawaii health system fires employee after wrongfully viewing patient records
Kokua Line: Letter informs Hawaii Pacific Health patients whose files likely were breached by ex-employee