Children’s Hospital Los Angeles Alerts Parents to Impermissible Disclosure of Children’s PHI
Children’s Hospital Los Angeles is notifying parents of a privacy breach that saw the protected health information (PHI) of children disclosed to incorrect insurance payors.
The privacy breach was discovered on November 29, 2017, with notifications sent to affected patients on December 19.
The impermissible disclosure of PHI included names, addresses, medical record numbers, birth dates, dates of service, and descriptions of the services provided.
Upon discovery of the privacy breach, the insurance payors were contacted and instructed to delete the information. Satisfactory assurances have been received that the information has now been deleted and the medical records of affected patients have been updated to include correct payor information.
No reports have been received to suggest any of the disclosed information has been used inappropriately; however, out of an abundance of caution, affected patients have been offered credit monitoring/protection services with ID Experts without charge.
In the breach notification letters, parents have been advised to monitor insurance communications, including Explanation of Benefits statements, for any services that have not been received by their children and to be alert to the possibility of inappropriate use of their child’s PHI.
The incident has prompted Children’s Hospital Los Angeles to re-enforce education of vendors and staff on the importance of safeguarding patient information.
The incident has been reported to the California Attorney General’s Office and will be reported to the HHS’ Office for Civil Rights. At this stage it is unclear exactly how many individuals have been impacted by the incident.