Paperwork Containing PHI of Oklahoma Heart Hospital Patients Accidentally Donated to Charity

Oklahoma Heart Hospital has started notifying certain patients about a privacy incident in which paperwork containing limited patient information was accidentally donated to charity.

A former employee had made handwritten notes which contained the protected health information of a limited number of patients during the course of that individual’s employment at Oklahoma Heart Hospital between 2011 and 2014.

Some of the former employee’s personal possessions were donated to charity in May 2021, with the handwritten notes accidentally included in the donated items. Oklahoma Heart Hospital was contacted by the individual who found the notes and arrangements were immediately made to collect the paperwork. The documents were then cataloged to identify the patients involved and the types of information that had been exposed.

The notes included information such as patients’ names, medical record numbers, OHH visit numbers, dates of birth, ages, admit dates, genders, and clinical information consisting of diagnosis, lab results, medications and/or treatment information. No information was exposed that would have provided unauthorized individuals with access to patient record systems.

While the protected health information of some patients was viewed by an individual not authorized to view the information, Oklahoma Heart Hospital has not uncovered any evidence to suggest any patient data has been further disclosed or misused; however, out of an abundance of caution, all affected individuals have been notified by mail and advised to monitor their account and explanation of benefits statements for signs of fraudulent activity.

The privacy breach has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting 1,038 patients.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.