University of Miami Health System Loses Records Including Social Security Numbers

Categories: News

umiamihospital.jpeg
The University of Miami Health System, one of South Florida's largest health providers, has lost an indeterminate number of patient records including social security numbers and some health information.

The Healthy System has been quietly informing patients of the Department of Otolaryngology of the loss, which was discovered more than six months ago. Spokeswoman Lisa Worley declined to say how large the loss of information is, but it's clear the records included name, date of birth, social security number, physician's name, facility, insurance company name, medical record number, visit number, procedure, and diagnostic codes.

"Medical records are not at risk, but in an abundance of caution, the University is notifying all individuals whose information was included in the missing records," a written statement by the Health System said. It is also offering complimentary credit-monitoring services and has created a toll-free number for information.

It is unclear how the Health System knows exactly whose records were lost. Worley declined to comment on that point.

The records belonged to the Department of Otolaryngology -- a fancy word for ear, nose, and throat. The hospital apparently tried to locate the records at an offsite storage vendor on June 27 of last year, only to discover they were missing. After an exhaustive, monthlong search, it was confirmed that no one knew their whereabouts. Patients only found out this week that their billing information was lost.

"The one thing we expect is that your patient records are going to be kept confidential," says Theo Karantsalis, a New Times freelancer whose son was treated by the department and who received one of the letters Friday.

There is no evidence that the information has been misused. Still, a leaked social security number could put someone at risk for identity theft.

The toll-free number for information about the records is 866-274-4371.

Here is the full statement released by Worley:

"The University of Miami Health System (UHealth) is committed to providing our patients the best possible care and to protecting the confidentiality of our patients' health information. On June 27, 2013, the Department of Otolaryngology, while attempting to retrieve records stored at an offsite storage vendor, was notified that the vendor was unable to locate the records. After an exhaustive search, it was confirmed on August 28, 2013, that the records were not in the possession of the University or the storage vendor.

Everything we're giving out is on the release.

These records consisted of billing vouchers (documents used for internal billing purposes). Vouchers contain the name, date of birth, social security numbers, physician name, facility, insurance company name, medical record number, visit number, procedure and diagnosis codes for the patient's visit. Vouchers are documents used for internal billing purposes ONLY. Medical records are not at risk.

At this time, there is no indication that the information has been misused in any way.

In an abundance of caution, the University is notifying all individuals whose information was included in the missing records. The University also is offering potentially affected patients complimentary credit monitoring protection and has established a website to serve as a primary source of information, as well as a toll-free number for additional questions.

Only patients who were seen at the Department of Otolaryngology may potentially be affected by the incident. Potentially affected patients will receive a notification letter.

University computer systems are completely unaffected by this incident. All patient information remains current and available on these systems.

At the University of Miami Health System, we take the privacy and security of our patients' information very seriously. We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data. We are committed to protecting all information entrusted to us, and pursuant to the Federal HITECH Breach Notification Rule, we will report this incident to the U.S. Department of Health and Human Services.

Available around the clock, the University's incident website is http://entincident.med.miami.edu. The toll-free incident line, 866-274-4371, is available from 9 a.m. to 9 p.m. EST Monday through Friday and from 11 a.m. to 8 p.m. EST Saturday and Sunday until April 30, 2014."

Correction: Earlier, we referred to the University of Miami Health System as "the school," AKA University of Miami Leonard M. Miller School of Medicine. The Health System is a separate entity from the school.

Send your story tips to the author, Allie Conti.

Follow Allie Conti on Twitter: @allie_conti

Follow Miami New Times on Facebook and Twitter @MiamiNewTimes.


Advertisement

My Voice Nation Help
20 comments
piggyfiveo
piggyfiveo

The information that was misplaced has been used to commit fraud, and is being investigationed by the Miami dade police department. It has affected my nearly perfect credit scores by 80 points. The credit monitoring agency that UM is giving victims has been completely useless. The credit agencies are refusing to take the marks off credit reports because they say they have no way of determining which is real and which is fraud and the police department insists I am not a victim because i have not been had responsible by the banks to pay for the charges even though they appear on my credit reports. Complete nightmare.

Peter Kovas
Peter Kovas

This is alarming. Why are patient records stored offsite?

305beachside
305beachside

Excellent reporting, Allie!  


Question: If the data was lost in June 2013, why weren't folks notified sooner?  


This is even more puzzling:  "It is unclear how the Health System knows exactly whose records were lost. Worley declined comment on this."

Ernie Torres
Ernie Torres

Hmm let me guess who ur confidential informant is...

Kenia West
Kenia West

Carlos Caycedo, have a snickers :)

Carlos Caycedo
Carlos Caycedo

Well the health system encompases the hospital and has nothing to do with the school

Miami New Times
Miami New Times

The Health System is t he one that lost the records, neither the hospital nor the university itself.

Carlos Caycedo
Carlos Caycedo

Um hospital is a different entity than the university of miami get ur shit straight

j.pollo
j.pollo

It wasn't the University, it was an outside vendor. Why are you crucifying the University?

el_negro_mama
el_negro_mama

@room1109  because it takes months for companies to notice. IT security standards are substandard throughout the consumer retail industry, healthcare, etc... it took Target a few weeks and Neiman Marcus didn't know a thing about its data breach for over 6 months!

chuck.strouse
chuck.strouse moderator editor

@room1109  Meant to question how, if the records were stolen, they know exactly what is missing...Was there some sort of index? 

chuck.strouse
chuck.strouse moderator editor

Carlos, the post says nothing about the school. 


el_negro_mama
el_negro_mama

thank you for the article correction allie. makes a huge difference!

chuck.strouse
chuck.strouse moderator editor

@j.pollo  Simple. If you give your records to the health system, you expect the health system to keep those records safe. And we aren't crucifying anyone. We do wonder why they are being secretive about the number of missing records....

el_negro_mama
el_negro_mama

@mccoy.terrence  i thanked her for the correction you cunt. and of course she put her name on this. i mean she's a journalist isn't she?? jesus christ. what a douchebag terrence. and what kind of name is terrence???  - shane

mccoy.terrence
mccoy.terrence

@el_negro_mama @room1109  Whoa there, aren't you big and tough and smart, using the word "pablum" and flashing your Columbia cred. She had the courage to put her name on this, what's yours, sweetheart? 

Now Trending

Miami Concert Tickets

From the Vault

 

Loading...