[BreachExchange] NYU Langone Health Notifies Patients of Improperly Disposed Binder Containing Patient Information
Destry Winant
destry at riskbasedsecurity.com
Wed Dec 20 22:40:25 EST 2017
https://nyulangone.org/public-notices/nyu-langone-health-notifies-patients-of-improperly-disposed-binder-containing-patient-information
NYU Langone Health notified patients this week that a binder
containing a log with information related to presurgical insurance
authorizations from NYU Langone Health Pediatric Surgery Associates
was mistakenly recycled by NYU Langone’s cleaning company on October
17, 2017. Patient social security numbers were not included and
therefore are not at risk, and there is no indication that the
information has been misused in any way.
Approximately 2,000 patients were affected, and information for those
patients included name, date of birth, date of service, diagnosis
code, current procedural terminology code, insurer name and
identification number, and potentially other short related comments,
such as any insurance approval or denial information and inpatient or
outpatient status.
Although there is no indication that this information has been
misused, because the documents were not disposed of in accordance with
NYU Langone’s standards, such as shredding, and insurance
identification numbers were included, as a precautionary measure NYU
Langone has arranged for these patients to receive identity theft
protection with cyber monitoring from ID Experts at no cost for one
year.
NYU Langone is committed to protecting the privacy and security of its
patients’ health information and has taken steps to ensure that a
similar incident will not occur. Staff was reeducated on the
importance of safeguarding patient information and the practice
updated their workflow to further protect such information. As
required by law, NYU Langone reported this incident to the Department
of Health and Human Services Office for Civil Rights.
More information about the BreachExchange
mailing list