Holy Cross Hospital in Fort Lauderdale, Fla., is notifying 44,000 emergency department patients of a possible breach of their personal health information.

The hospital was the victim of an identity theft ring, which the U.S. Postal Service has been investigating for several months. A hospital employee in the ED stole as many as 1,500 pre-printed patient data sheets that included such information as name, address, date of birth, Social Security number and initial diagnosis. "This was not a compromise of the computer systems that the hospital uses to protect patient information," the hospital contends in a statement. "Through cooperation with a federal investigation, Holy Cross identified the individual involved, who admitted improper conduct and was immediately terminated."

The employee, and another employee working at a physician office in Aventura who also stole patient data, sold the data to another individual who sold it to two other individuals, who used the information to obtain credit and debit cards, according to the Sun Sentinel newspaper in Fort Lauderdale.

The investigation has evidence that data from 38 patients was compromised. But the hospital believes as many as 1,500 ED patient data sheets may have been compromised between April 2009 and September 2010. Consequently, the hospital is notifying all of the approximately 44,000 patients who received ED treatment during that period.

The hospital is offering one year of free credit monitoring and has limited the types of information that will appear on patient data sheets when they are printed.

More information is available at holycrossidprotect.com.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access