Privacy Incidents Notice
Trinity Health – Accellion Privacy Incident Details
April 5, 2021: For details regarding the Trinity Health – Accellion privacy incident, please visit www.trinity-health.org/accellion-data-event/.
Virtua Health - Mailing Privacy Incident Details
A Notice to Our Patients Regarding a Privacy Incident Involving Patient Health Information
April 16, 2021:
Virtua Health is committed to protecting the privacy and security of our patients’ information. Regrettably, this notice concerns an incident that may have involved some of that information.
On July 1, 2019, Virtua Health, Inc. (“Virtua Health”) acquired Lourdes Health System (“Lourdes”). During the process of adding Lourdes’ electronic patient information into Virtua Health’s electronic medical records system, a subset of current patient home addresses were mistakenly replaced with former addresses from Lourdes’ system. This was due to a technical misconfiguration that has since been resolved. On February 17, 2021, we became aware that due to this incident, between August 15, 2020 and October 2, 2020, mailings from Virtua Health containing patient health information were sent to our patients at their former home addresses. Naturally, we wanted to inform our patients of this incident and sincerely apologize for this incident.
The contents of the mailings varied by individual and may have included patients’ names; former addresses; dates of birth; dates of service; the name of the Virtua Health location where the patient currently or formerly received care; unique Virtua Health identifiers, such as a medical record number, guarantor identification number, or account identification number; Virtua Health account information such as account balance, refund amount, or information regarding an estimate for an anticipated service at Virtua Health; and clinical information, such as a procedure code, diagnosis information, a brief description of the service(s) received from Virtua Health, and/or treatment information. Only one mailing to one person included an insurance policy identification number and social security number. No other social security numbers were shared.
There is no indication that any patient information included in the mailings was misused in any way. However, as a precaution, we are notifying patients whose information may have been included in the mailings. We have also established a dedicated, toll-free call center to answer patients’ questions. Those with questions should call 1-800-246-8877, Monday through Friday, from 8:00 a.m. to 5:00 p.m. Eastern Standard Time. Additionally, we want to remind affected patients that it is always a good idea to review any statements they receive from their health care providers. If they see charges for services that they did not receive, they should contact their health care provider immediately.
We deeply regret any inconvenience or concern this incident may cause. We remain committed to protecting the privacy and security of our patients’ information and have taken steps to help prevent something like this from happening again. Specifically, we updated the impacted patient home addresses in our system to reflect the most recent home address provided to us.