Breach Source: Envelope StufferMachine put two bills in each envelope Healthcare information breaches have many causes. A New York hospital, for example, discovered that an envelope stuffing machine was placing two bills in each envelope, resulting in patients getting an extra bill intended for someone else.
As a result, about half of the 2,500 bills Strong Memorial Hospital in Rochester, N.Y., mailed to patients on April 19 went to the wrong patient.
The hospital, part of the University of Rochester Medical Center, discovered the problem when patients called, says spokeswoman Teri D'Agostino. An investigation determined that the mailing machine malfunctioned for just one day.
The hospital has notified all the patients affected, as well as federal authorities, as required under the HITECH Act breach notification rule. The letters offer a hot-line for more information and advise patients to monitor their credit.
The billing statements did not include Social Security numbers, dates of birth, diagnosis or details on the charges. However, they included patient names, addresses of those responsible for the bill, general descriptions of services, dates of service, dollar amounts owed, health insurance plan names, and insurance subscriber numbers.
In the wake of the incident, the hospital is removing all insurance subscriber numbers from billing statements, D'Agostino says. In addition, the hospital has added a counter that keeps track of the number of statements and number of envelopes that go through the machine. Also, staff members now spot-check bills after several hundred envelopes are stuffed.
Strong Hospital also is considering outsourcing the mailing of bills, D'Agostino acknowledged.