HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

UNC Health Care Reports Exposure of 1300 Prenatal Patients’ PHI

Prenatal patients who visited certain obstetric clinics operated by UNC Health Care are being notified that some of their protected health information has been disclosed to local health departments by mistake.

Pregnancy Home Risk Screening Forms of Medicaid-eligible patients are sent to local health departments to ensure those individuals are connected with appropriate support services. However, UNC Health Care has discovered that in addition to Medicaid-eligible patients, forms relating to patients who were not eligible for Medicaid were also sent to local health departments. In total, around 1,300 patients have been affected.

The privacy breach affects women who had prenatal appointments at the UNC Maternal-Fetal Medicine at Rex Hospital or the Women’s Clinic at the North Carolina Women’s Hospital between April 2014 and February 2017.

Pregnancy Home Risk Screening Forms contain patients’ names and addresses, race and ethnicity, Social Security numbers, health and mental health histories, details of patients’ HIV status, any sexually transmitted diseases contracted, medical diagnoses related to the pregnancy or past pregnancies, details of drug and alcohol use and whether the patients were smokers.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Patients whose privacy has been violated were informed of the breach by mail on March 20, 2017. Patients have been advised that the health departments that have been sent the information are covered by state and federal laws put in place to protect patient privacy. Those health departments must have appropriate administrative, technical and physical safeguards in place to protect all protected health information that is received and stored.

Consequently, the risk of any sensitive information being used inappropriately is believed to be low, although as a precaution, all individuals affected by the breach have been offered fraud resolution services in case any experience identity theft or fraud as a result of the incident.

To prevent future breaches of this nature from occurring, UNC Health Care has updated its policies and procedures covering patients who complete the Pregnancy Home Risk Screening Form and all staff members have been trained on the new procedures. In future, only forms completed by Medicaid-eligible individuals will be sent to county health departments.

UNC Health Care has requested all county health departments purge any information relating to non-Medicaid-patients from their databases.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.