HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Texas Health Resources Reports Data Breach Affecting 82,577 Patients

82,577 patients of Texas Health Resources have had some of their health information impermissibly disclosed as a result of a misconfiguration of its billing system.

Texas Health Resources is one of the largest faith-based health systems in the United States and the largest in North Texas, with facilities in 16 counties serving more than 7 million patients.

On August 23, 2019, Texas Health Resources learned that an error in its billing system had resulted in patient information being incorrectly matched with guarantors. The error caused mailings to be sent to incorrect patients or their guarantors. The error occurred on July 19, 2019 and affected mailings up to September 4, 2019.

An investigation was launched to determine which individuals had been affected and the types of patient information that had been impermissibly disclosed. The investigation revealed the following types of information were included in the mailings and had been sent to incorrect individuals: Name, service date, account number, names of treating physicians, name of health insurer, amount owed, and in some cases, a short description of the services received. Highly sensitive information such as Social Security numbers, financial information, and health insurance numbers were not involved. Affected individuals were notified by mail on October 22.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Texas Health Resources has taken steps to prevent similar errors from occurring in the future and has enhanced its data security procedures.

The impermissible disclosure has been reported to the Department of Health and Human Services’ Office for Civil Rights in 15 separate breach reports, one for each of the facilities affected.

The affected hospitals are listed below:

Affected Hospitals Individuals Affected
Texas Health Harris Methodist Hospital Fort Worth 14,881
Texas Health Presbyterian Hospital Dallas 12,415
Texas Health Presbyterian Hospital Plano 9,678
Texas Health Harris Methodist Hospital Southwest Fort Worth 7,478
Texas Health Presbyterian Hospital Denton 6,688
Texas Health Arlington Memorial 6,187
Texas Health Harris Methodist Hospital Hurst-Euless-Bedford 4,804
Texas Health Presbyterian Hospital Rockwall 4,789
Texas Health Harris Methodist Hospital Alliance 3,784
Texas Health Presbyterian Hospital Allen 2,993
Texas Health Harris Methodist Hospital Cleburne 2,737
 Texas Health Harris Methodist Hospital Kaufman 2,157
Texas Health Harris Methodist Hospital Azle 2,113
Texas Health Harris Methodist Hospital Stephenville 1,348
Texas Health Harris Methodist Southlake 525

Rosenbaum Dental Group Breach Notification Error Prompts Further Notifications

Florida-based Rosenbaum Dental Group discovered malware had been downloaded onto its systems that potentially gave unauthorized individuals access to the PHI of around 1,200 patients. Affected individuals were notified about the breach on July 1, 2019; however, the breach notifications issued to affected patients were sent on postcards rather than letters. That allowed individuals to be identified as patients of Rosenbaum Dental Group.

In a recent press release, Rosenbaum Dental Group issued an apology about the error and potential HIPAA breach and has confirmed that notification letters are now being sent to advise patients about the error. Affected individuals are being offered one year of complimentary credit monitoring services as a precaution.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.