University Hospitals releases statement after employee releases patient information

University Hospitals releases statement after employee releases patient information

CLEVELAND, OH (WOIO) - University Hospitals says an employee’s actions of disclosing patient information “violated UH policies and procedures.”

An internal investigation was launched after the unauthorized disclosure of patient information occurred at University Hospitals Rainbow Babies & Children’s Hospital on Feb. 28, according to the hospital system.

“University Hospitals Rainbow Babies & Children’s Hospital said today that an employee sent an email message to a select group of patients or their parents/guardians containing personally identifiable information. When the message was sent, all email recipients had their email address placed in the “to” field which allowed recipients to read the email addresses of all other recipients. The email contained information related to a new departmental billing policy. While the email message itself did not contain any specific health information about any patient, the nature of the message implied all recipients receiving the message shared the same medical condition.”

Information that was disclosed without authorization included email addresses and health information, but University Hospitals is not aware of any malicious identity theft at this time.

University Hospitals has taken several safety measures to help ensure that similar incidents do not occur again in the future:

  • Educated the employee regarding proper procedure when communicating with patients electronically
  • Notified appropriate regulatory bodies
  • Notified all individuals whose information was part of the incident
  • Provided education regarding patient privacy and HIPAA

Employees will also be provided additional training relating to electronically communicating with patients.

“UH takes the protection of patient health information very seriously. UH continually evaluates and strengthens its health information practices to enhance the security and privacy of its patients’ information, including the ongoing training, education and counseling of its workforce regarding patient privacy matters.”

All individuals who may have been impacted by the incident were mailed a letter of communication. For any additional information, patients can contact the University Hospitals’ Privacy Office at 216-286-6362.

Copyright 2019 WOIO. All rights reserved.