Hospital Web Site Upgrade Causes Breach

A mistake made while updating the Web site of Sonoma Valley Hospital in California has resulted in a notification to 1,350 surgery patients of a breach of their protected health information.

The breach occurred on February 14, 2013, when an employee accidently uploaded personal health information that was not directly accessible on the site, but was accessible through a search engine. Patients who had surgery from July 1, 2011, to June 30, 2012, were affected. Posted information included name, date of service, procedure, surgeon, hospital charges and the name of the insurance company. Social Security numbers, birth dates, driver’s license numbers and addresses were not among the compromised information.

“We have apologized to the patients involved for our error and assured them that we have taken action to understand the cause of the breach and strengthened policies and controls protecting patient information,” says Richard Reid, CFO and compliance officer at the 83-bed acute care hospital.