Alert Patients To All Breaches Of Their PHI

July 6, 2005


COLUMBUS, OH (HIPAA Wire) Think you should only make patients aware of privacy or security breaches that will lead to identity theft? Think again.

Ohio State University Medical Center contacted 15,000 patients after a laptop containing patients' billing information was stolen from a financial consultant. No identifying information such as birth dates or Social Security numbers was stored in the files, however.

The laptop was stolen from MTE Consulting on April 9, but the firm did not contact OSU until later that month. OSU immediately began researching the breach and decided to notify affected patients by letter even though "you could probably get more information out of a phone book," Christopher Mahler, a partner with MTE Consulting told the Columbus Dispatch.

Bottom Line: Warn your patients any time their information is inappropriately accessed -- even if you are certain that the breach won't lead to identity theft.

main page ATTRITION feedback