82,577 patients of Texas Health Resources have had some of their health information impermissibly disclosed as a result of a misconfiguration of its billing system.
Texas Health Resources is one of the largest faith-based health systems in the United States and the largest in North Texas, with facilities in 16 counties serving more than 7 million patients.
On August 23, 2019, Texas Health Resources learned that an error in its billing system had resulted in patient information being incorrectly matched with guarantors. The error caused mailings to be sent to incorrect patients or their guarantors. The error occurred on July 19, 2019 and affected mailings up to September 4, 2019.
An investigation was launched to determine which individuals had been affected and the types of patient information that had been impermissibly disclosed. The investigation revealed the following types of information were included in the mailings and had been sent to incorrect individuals: Name, service date, account number, names of treating physicians, name of health insurer, amount owed, and in some cases, a short description of the services received. Highly sensitive information such as Social Security numbers, financial information, and health insurance numbers were not involved. Affected individuals were notified by mail on October 22.
Texas Health Resources has taken steps to prevent similar errors from occurring in the future and has enhanced its data security procedures.
The impermissible disclosure has been reported to the Department of Health and Human Services’ Office for Civil Rights in 15 separate breach reports, one for each of the facilities affected.
The affected hospitals are listed below:
| Affected Hospitals | Individuals Affected |
| Texas Health Harris Methodist Hospital Fort Worth | 14,881 |
| Texas Health Presbyterian Hospital Dallas | 12,415 |
| Texas Health Presbyterian Hospital Plano | 9,678 |
| Texas Health Harris Methodist Hospital Southwest Fort Worth | 7,478 |
| Texas Health Presbyterian Hospital Denton | 6,688 |
| Texas Health Arlington Memorial | 6,187 |
| Texas Health Harris Methodist Hospital Hurst-Euless-Bedford | 4,804 |
| Texas Health Presbyterian Hospital Rockwall | 4,789 |
| Texas Health Harris Methodist Hospital Alliance | 3,784 |
| Texas Health Presbyterian Hospital Allen | 2,993 |
| Texas Health Harris Methodist Hospital Cleburne | 2,737 |
| Texas Health Harris Methodist Hospital Kaufman | 2,157 |
| Texas Health Harris Methodist Hospital Azle | 2,113 |
| Texas Health Harris Methodist Hospital Stephenville | 1,348 |
| Texas Health Harris Methodist Southlake | 525 |
Rosenbaum Dental Group Breach Notification Error Prompts Further Notifications
Florida-based Rosenbaum Dental Group discovered malware had been downloaded onto its systems that potentially gave unauthorized individuals access to the PHI of around 1,200 patients. Affected individuals were notified about the breach on July 1, 2019; however, the breach notifications issued to affected patients were sent on postcards rather than letters. That allowed individuals to be identified as patients of Rosenbaum Dental Group.
In a recent press release, Rosenbaum Dental Group issued an apology about the error and potential HIPAA breach and has confirmed that notification letters are now being sent to advise patients about the error. Affected individuals are being offered one year of complimentary credit monitoring services as a precaution.
The post Texas Health Resources Reports Data Breach Affecting 82,577 Patients appeared first on HIPAA Journal.