TRENDING:

Breach Source: Envelope Stuffer

Machine put two bills in each envelope Howard Anderson (ismg_editor) • May 21, 2010     Healthcare information breaches have many causes. A New York hospital, for example, discovered that an envelope stuffing machine was placing two bills in each envelope, resulting in patients getting an extra bill intended for someone else.

As a result, about half of the 2,500 bills Strong Memorial Hospital in Rochester, N.Y., mailed to patients on April 19 went to the wrong patient.

The hospital, part of the University of Rochester Medical Center, discovered the problem when patients called, says spokeswoman Teri D'Agostino. An investigation determined that the mailing machine malfunctioned for just one day.

The hospital has notified all the patients affected, as well as federal authorities, as required under the HITECH Act breach notification rule. The letters offer a hot-line for more information and advise patients to monitor their credit.

The billing statements did not include Social Security numbers, dates of birth, diagnosis or details on the charges. However, they included patient names, addresses of those responsible for the bill, general descriptions of services, dates of service, dollar amounts owed, health insurance plan names, and insurance subscriber numbers.

In the wake of the incident, the hospital is removing all insurance subscriber numbers from billing statements, D'Agostino says. In addition, the hospital has added a counter that keeps track of the number of statements and number of envelopes that go through the machine. Also, staff members now spot-check bills after several hundred envelopes are stuffed.

Strong Hospital also is considering outsourcing the mailing of bills, D'Agostino acknowledged.

Previous
HIPAA Audit Update: OCR's Susan McAndrew
Next
Should Encryption Be Mandated?

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
The State of Security Leadership
The State of Security Leadership
Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.