(Memphis) The MED is alerting some patients who were treated at their outpatient facility that their personal information may have been accidentally sent out in one of three emails sent out by an employee.
That information includes the social security number, phone number and reasons for therapy.
This impacts almost 1200 patients who were treated here between May of 2012 and January of 2013.
Michael England says with all the information you're required to give it`s no wonder personal information gets leaked from time to time.
“They have to closely guard that information! You could invent me ten times over with the information that`s given out as a patient here,” said England.
The MED says this happened because an employee accidentally attached a list of medical records to an email and sent it out. England says that`s no excuse.
“Can they come up with a computer program that will guard that information and not allow it to be attached unless you go through an elaborate set of circumstances,” said England.
This patient just got out of the ER and says this is a sign of the times.
The MED is offering one year of free credit monitoring for them to make sure their information isn't improperly used.
The MED says they are working with the organizations that received those emails to make sure none of the information is compromised and they say they have reason to believe most of the emails we`re deleted without any problems.
Regional Medical Center Notifies Patients of Privacy Issue
Memphis, Tenn. — Regional Medical Center (medical center) is committed to protecting our patients' privacy. We take patient privacy very seriously, and it is important to us that our patients are made aware of any potential privacy issue.
On March 15, 2013, the medical center discovered that three unsecure emails with an attachment containing the personal information of outpatient physical therapy patients who received services between May 1, 2012 and January 31, 2013 were sent out. The emails were sent on October 29, 2012, November 1, 2012 and February 4, 2013, and the attachment included personal information, including the patient's name, patient account number, date of birth, social security number, home phone number, and type/reason for outpatient physical therapy services.
The medical center has been and will continue to work closely with the company that received the emails, and it is believed the emails were deleted and not further used or disclosed at the time of the incident.
The medical center believes this was an innocent employee mistake and has not received any indication that patient information has been used or further disclosed in an inappropriate manner by anyone. However, in an abundance of caution, the medical center is notifying affected patients of this incident by letter and has retained a specialty firm to provide one year of free credit monitoring services to affected patients. While the medical center maintains a robust privacy and security compliance program, it also has taken internal steps to help ensure this does not happen again.
The medical center understands the importance of safeguarding patient privacy and takes that responsibility very seriously. It regrets this incident occurred and is committed to preventing such occurrences in the future.
Patients who received treatment at the medical center’s outpatient physical therapy unit between May 1, 2012 and January 31, 2013 may contact 1-855-716-3627 for more information.