By Peter Becker
A compact disc containing private information for over 1,000 patients at Wayne Memorial Hospital (WMH) from the past five years is missing, Hospital officials reported Jan. 22. The unencrypted CD was sent in the mail to another office but the package arrived opened, without the disc.
Wayne Memorial Hospital began sending out notification letters on January 18, to patients affected by the incident. On December 3, 2012, WMH discovered that this CD containing patient information had gone missing. An investigation was launched immediately. The hospital assured patients every step was being taken to address the incident and to protect their privacy.
The CD was included in a package sent by certified mail to WMH’s government authorized Medicare Administrative Contractor. The contractor received the package damaged and without the CD. Upon learning this, WMH conducted a diligent search for the CD with both the United States Post Office and the contractor. To date, WMH has been unable to locate the CD. The investigation confirmed that the CD contained names of patients who used WMH services between 2007 and 2012, account balances and, in some instances, Medicare numbers.
The notification letters were sent to 1,182 affected patients, who had had account balances pending.
WMH administrators said they have no reason to believe that any of the information has been accessed or used improperly. However, in an abundance of caution, the Hospital has established a dedicated call center for those affected. WMH is also offering to eligible individuals one year of credit monitoring services provided through Experian. More information can be found at the WMH website at www.wmh.org.
According to the website, anyone who thinks they are affected by this but who does not receive a letter by Feb. 8, call 866-221-0150 from 9 a.m. to 7 p.m. Monday through Friday.
Lisa Champeau, public relations manager for the hospital, said they are investigating why the information on the CD was not encrypted.
She said all of the normal procedures were followed in mailing the information to the company.
Government regulations require that information be "reasonably protected," she said. However, Champeau said the hospital is being proactive when it comes to studying the procedures and what changes need to be implemented.
"We submit this type of information annually to the authorized Medicare Administrative Contractor. The list includes account balance information and identifying information prescribed by Medicare for accounts that meet certain criteria," said Chief Financial Officer Michael Clifford.
A statement released by Wayne Memorial reads, "WMH deeply regrets any inconveniences or concerns that this incident may cause those affected. The Hospital takes this incident very seriously and is reviewing its policies and procedures to ensure patient information is protected. The Hospital is committed to protecting all patient information and educating staff hospital-wide on the importance of maintaining the confidentiality of patient information entrusted to Wayne Memorial."
Page 2 of 2 - --- Greg Little, Group Editor, contributed to this report