25% off all training courses Offer ends June 26, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends June 26, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Two Healthcare Providers Announce Billing-Related PHI Breaches

Posted By on Jun 7, 2016

Loyola University Medical Center and University of New Mexico Hospital have discovered separate mailing-related privacy breaches and have started notifying patients of the exposure of a limited amount of their protected health information.

Loyola University Medical Center Privacy Breach

On April 5, 2016., Loyola University Medical Center discovered billing statements had been sent to incorrect addresses in February 2016. The University had undertaken a project to acquire accurate addresses; however, some billing statements ended up being released to addresses that had not been verified.

A limited amount of protected health information was inadvertently disclosed to unauthorized individuals including patients’ names, along with their account number, dates of service, procedure codes, general descriptions of the medical services provided, and the balances due to be paid. No Social Security numbers, credit card details, or insurance information were disclosed.

In an effort to minimize the probability of similar privacy breaches occurring, Loyola University Medical Center will also be increasing the number of data elements in its address search query and will also be contacting individuals prior to mailing billing statements to ensure the documents are sent to the correct addresses.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

University of New Mexico Hospital Privacy Breach

University of New Mexico Hospital has started notifying 2,827 patients of a breach of personal and medical information that first occurred in late December, 2015.

Patients’ names, service dates, providers’ names, and brief descriptions of the medical services provided were detailed on invoice documents which were mailed out to 18 different addresses over a period of 15 weeks.

In total, 33 invoice documents were mailed between December 22, 2015 and April 2, 2016. Each document contained a different number of names. The mailing error was investigated and determined to have been caused by a technical error, which has now been corrected.

University of New Mexico Hospital has advised patients that its system will be monitored to prevent erroneous mailings of invoices and billing statements in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist