LITTLE ROCK, Ark. (KNWA/KFTA) — The University of Arkansas for Medical Sciences announced in a Jan. 21 news release a breach in its patients’ personal information.
According to the release, on Nov. 29, 2021, UAMS became aware that a former employee sent emails from their UAMS email account to their personal email with patient information attached on Nov. 15.
The information reportedly contained the names of 518 patients, their hospital account numbers, dates of service, insurance type, claim information for billing purposes, medical record numbers, and for a number of patients, their dates of birth and medication information.
The attachments also consisted of Excel spreadsheets used for internal billing compliance auditing purposes and/or billing statements addressed to the health system for reimbursement.
UAMS says no bank account information, home addresses, driver’s license or social security numbers were included. The attachments also did not include any clinical documents or medical records.
Upon discovering the breach, the health system filed a police report with the UAMS Police Department. The Vice Chancellor of Compliance also contacted the employee, who insists it was a mistake, claiming they did not retain or share any of the information.
UAMS takes patient privacy and security seriously, and when we discovered this mistake, we did everything we could to mitigate the risk and prevent similar incidents from happeningHeather Schmiegelow, J.D., UAMS HIPAA privacy officer
According to UAMS, it has policies and procedures to safeguard and protect the privacy and security of patients’ health information, and all employees are trained on these policies and procedures.
“Every year, all employees are required to complete annual HIPAA training. UAMS HIPAA training includes topics such as employees using and accessing patients’ health information for legitimate, authorized purposes needed to perform their job duties,” the health system said.
Patients affected by the incident are being notified through email and by the health system’s website.
If other patients have questions or concerns regarding their information, contact the UAMS HIPAA Office by email at email@example.com or by phone at 501-603-1379. They may also call the Compliance Hotline at 1-888-511-3969 after hours and on holidays.