Arkansas breach due to terminated resident
The University of Arkansas for Medical Sciences (UAMS) is notifying approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.
UAMS in Little Rock, Ark., recently discovered that a former resident kept some patient lists and notes regarding patients in violation of UAMS' policy after leaving facility on June 3, 2010. The documents the resident kept were from January 2010 to June 2010 and contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service, diagnoses, medications, surgical and other procedure names, as well as lab results, according to a release. No social security, bank account or credit card numbers were included with this information.
UAMS said its HIPAA Office became aware of this incident Oct. 9 when the resident produced the documents during her lawsuit against UAMS regarding her termination from the residency program. On Nov. 7, UAMS became aware that additional documents the resident kept had been provided to UAMS attorneys June 25. The records are now protected by a court order, which prevents them from becoming a public record and will prevent anyone from further using or disclosing the documents.
The resident also assured UAMS under oath that she did not share the documents with anyone except her attorneys with whom she has a business associate agreement that specifically protects this information.
UAMS is notifying affected patients by mail and through its website.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.