Breach Source: Envelope Stuffer

Machine put two bills in each envelope Healthcare information breaches have many causes. A New York hospital, for example, discovered that an envelope stuffing machine was placing two bills in each envelope, resulting in patients getting an extra bill intended for someone else.

As a result, about half of the 2,500 bills Strong Memorial Hospital in Rochester, N.Y., mailed to patients on April 19 went to the wrong patient.

The hospital, part of the University of Rochester Medical Center, discovered the problem when patients called, says spokeswoman Teri D'Agostino. An investigation determined that the mailing machine malfunctioned for just one day.

The hospital has notified all the patients affected, as well as federal authorities, as required under the HITECH Act breach notification rule. The letters offer a hot-line for more information and advise patients to monitor their credit.

The billing statements did not include Social Security numbers, dates of birth, diagnosis or details on the charges. However, they included patient names, addresses of those responsible for the bill, general descriptions of services, dates of service, dollar amounts owed, health insurance plan names, and insurance subscriber numbers.

In the wake of the incident, the hospital is removing all insurance subscriber numbers from billing statements, D'Agostino says. In addition, the hospital has added a counter that keeps track of the number of statements and number of envelopes that go through the machine. Also, staff members now spot-check bills after several hundred envelopes are stuffed.

Strong Hospital also is considering outsourcing the mailing of bills, D'Agostino acknowledged.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.