HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Two Healthcare Providers Announce Billing-Related PHI Breaches

Loyola University Medical Center and University of New Mexico Hospital have discovered separate mailing-related privacy breaches and have started notifying patients of the exposure of a limited amount of their protected health information.

Loyola University Medical Center Privacy Breach

On April 5, 2016., Loyola University Medical Center discovered billing statements had been sent to incorrect addresses in February 2016. The University had undertaken a project to acquire accurate addresses; however, some billing statements ended up being released to addresses that had not been verified.

A limited amount of protected health information was inadvertently disclosed to unauthorized individuals including patients’ names, along with their account number, dates of service, procedure codes, general descriptions of the medical services provided, and the balances due to be paid. No Social Security numbers, credit card details, or insurance information were disclosed.

In an effort to minimize the probability of similar privacy breaches occurring, Loyola University Medical Center will also be increasing the number of data elements in its address search query and will also be contacting individuals prior to mailing billing statements to ensure the documents are sent to the correct addresses.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

University of New Mexico Hospital Privacy Breach

University of New Mexico Hospital has started notifying 2,827 patients of a breach of personal and medical information that first occurred in late December, 2015.

Patients’ names, service dates, providers’ names, and brief descriptions of the medical services provided were detailed on invoice documents which were mailed out to 18 different addresses over a period of 15 weeks.

In total, 33 invoice documents were mailed between December 22, 2015 and April 2, 2016. Each document contained a different number of names. The mailing error was investigated and determined to have been caused by a technical error, which has now been corrected.

University of New Mexico Hospital has advised patients that its system will be monitored to prevent erroneous mailings of invoices and billing statements in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.