Personal data for thousands of patients leaked online

Tools

Another day, another privacy breach. New York-Presbyterian Hospital and Columbia University Medical Center "inadvertently" posted the personal information of about 6,800 patients--including names, clinical data and 10 social security numbers--online, reports the New York Times. While the breach was discovered in July (after a patient's relative saw the information online), the hospital and medical center didn't announce the problem until yesterday because of an ongoing investigation.

The personal information was accidentally placed on a server, but has since been removed, the hospital said in a statement.

During the breach, exposed data such as names, ages, surgical status, temperature and pulse became accessible to search engines, Myrna Manners, a NewYork-Presbyterian Hospital spokeswoman told the Times. Patient diagnoses were not disclosed, she noted.

The hospital and medical center have taken definitive steps, such as strengthening information and data security systems and enhancing employee awareness, to ensure continued patient safety.

"We deeply regret that this has occurred and we understand the concern that patients and their families may feel upon learning that their information may have been exposed," the hospital said. "We are in the process of informing all affected patients and have set up a hot line for patients to call if they have questions."

It's still unclear how health data became unintentionally public. While the hospital says there's no evidence the information has been "improperly used," it has not disclosed whether it knows how many people might have seen the information.

For more:
- read the New York Times article
- read the AP article
- read the DOTmed News piece
- here's the NewYork-Presbyterian Hospital privacy alert

Related Articles:
Patient information found on interstate
Privacy concerns hold back wider EHR adoption
Why you shouldn't process and store medical records online
Patient records sold to recycling center