Two employees at the University of Miami Hospital have been terminated and remain under police investigation after confessing to accessing data from paper registration face sheets that may have been sold to a third party, the University of Miami Health System has announced.

The university is not saying how many patients were affected, but will have to report that number to the HHS Office for Civil Rights and it could be a very large breach. Out of an “abundance of caution,” the university is notifying all patients at the University of Miami Hospital, formerly Cedars Medical Center, from October 2010 to July 2012. The breach does not affect other health system facilities and does not affect any information systems.

Information on face sheets includes names, addresses, dates of birth, insurance policy numbers, and reason for and service area for the visit. “While the Social Security number field was masked to display only the last four digits, some health insurance plans, such as Medicare and Medicaid, continue to use Social Security numbers as insurance policy numbers,” according to a university statement. “Such information was included on the face sheets.”

The university became aware of the breach on July 18 when notified by police. The university is offering affected patients two years of comprehensive credit and identity protection services from Experian.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access