Borgess Rheumatology Informs 700 Patients of Mailing Error

Borgess Rheumatology has announced that 700 of its patients have been impacted by a mailing error that occurred on December 9, 2015., that exposed their PHI.

While no Social Security numbers or other highly sensitive data have been disclosed, affected patients have had their name and the fact that they receive medical services at Borgess Rheumatology disclosed to another patient. In each case, a single patient will have been made aware of the name of another patient who receives treatment at Borgess Rheumatology and that prescription medications were used by that individual.

No health information or sensitive data such as Social Security numbers or Insurance details were detailed in the letters. While affected patients have had their privacy violated, due to the very limited data that was inadvertently disclosed, patients are unlikely to face any risk of identity theft as a result of the mailing mistake.

In a statement issued to West Michigan News Channel 3, Borgess Rheumatology said the error occurred on December 9, 2015, and that the mistake was discovered the following day. Attempts have been made to contact all 700 affected patients and to recall the misdirected letters.

Borgess Rheumatology is also taking action to ensure that similar incidents do not occur in the future. According to the media notice issued on February 5, the healthcare provider is taking “aggressive steps” to prevent future privacy breaches of this nature. Those steps include conducting further staff training to ensure staff members are fully aware of the safeguards that must be implemented to prevent HIPAA breaches.

Susan McDonald, Borgess Rheumatology’s Corporate Responsibility Officer & HIPAA Privacy Officer, said training had previously been provided to all staff members, and she confirmed that all employees are required to undergo annual training on HIPAA, corporate responsibility, and patient privacy. The mailing error has prompted Borgess Rheumatology to bring forward training and the company will be “re-educating and training staff on necessary safeguards.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.