Corporate Compliance

Thousands of medical records leaked in California

Compliance Monitor, February 22, 2012

A glitch in the network security settings of five California hospitals allowed outside search engines to potentially access the private health data of thousands of patients, the health system discovered earlier this month.

The St. Joseph Health System in Orange, CA, reported on its website that it learned February 8 that its hospitals accidentally made PHI accessible to disclosure by allowing outside search engines to access certain files on its internal computer network. The information relates to patients who may have received services between February 2011 and August 2011, according to a press release from St. Jude Medical Center in Fullerton, CA, one of the five hospitals in the St. Joseph Health System.

The breach affected an estimated 30,000 patients, according to Healthcare Info Security’s February 17 report.

The data did not contain Social Security numbers, financial data, or addresses, but did possibly include patient names, lab results, demographic information, and diagnoses lists, according to the St. Jude press release.

St. Jude is providing identity theft protection services to its patients at no cost.

Most Popular