Dedicated to providing the latest
HIPAA compliance news

1,081 St. Louis Patients Alerted About Improper PHI Disclosure

Share this article on:

1,081 patients of the MS Center of Saint Louis and Mercy Clinic Neurology Town and Country are being informed that they may be contacted for marketing and research purposes by pharmaceutical companies and other third-parties, even though they may not have given their permission to be contacted.

HIPAA Rules do not permit patients to be contacted for marketing or research purposes unless consent to do so has first been obtained. However, an error has resulted in patients’ information being disclosed to third parties in error and patients may be contacted by telephone, mail or email as a result.

The MS Center and Mercy Clinic Neurology Town and Country report that medication onboarding forms were accidentally provided to pharmaceutical companies, even though the forms had not been signed by patients. The error also means patients’ protected health information has been impermissibly disclosed.

Protected health information detailed on the forms includes names, email addresses, telephone numbers, home addresses, health insurance information, and in some cases, treatment and prescription information and Social Security numbers.

Due to the sensitive nature of the information disclosed, there is a possibility that the information could be used inappropriately, although MS Center and Mercy Clinic Neurology Town and Country believe the information has not been used for any other purpose other than marketing and research. However, out of an abundance of caution, all affected individuals have been given the opportunity to register for 12 months of credit monitoring and identity theft protection services without charge.

Upon discovery of the error, an internal investigation was launched and staff potentially involved were interviewed about the incident. Policies and procedures have now been changed to prevent similar incidents from occurring in the future.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On