The action comes after the hospital discovered on October 4 that a daily administrative report that is automatically printed in a secure location was not being shredded according to policy but was being "discarded in the hospital's waste stream," according to the notification letter. "There was no sensitive, personal or identifying information in view on the outside of the report; however, located within the report was certain patient related information, including the patient's name and Social Security number."
Hospital officials do not believe any information was improperly accessed as, "based on our waste management process, shortly after disposal, all information was rendered unreadable," according to the letter to affected patients. The hospital has sanctioned some employees and is retraining staff on disposal procedures.
The hospital is not offering free credit protection services but in the letter explains steps patients can take to protect their credit. There is no information on the hospital's Web site about the breach. The Knoxville News Sentinel first reported the breach and local CBS television affiliate WVLT posted the notification letter on its Web site, available here.
--Joseph Goedert
Be the first to comment on this post using the section below.