The Chapel Hill, N.C.-based UNC Health Care is notifying patients of a potential data breach where personal information provided by prenatal patients at two obstetric clinics were mistakenly transmitted to local county health departments.
According to a press release from the patient care organization, on March 20, 2017, the chief privacy officer of the University of North Carolina Health Care System sent letters to 1,300 patients who are believed to have completed pregnancy home risk screening forms at their prenatal appointments between 2014 and 2017. Only patients seen at the Women’s Clinic at N.C. Women’s Hospital and UNC Maternal-Fetal Medicine at Rex during this time may have been affected, officials said.
The pregnancy home risk screening forms were used to collect personal information from Medicaid-eligible prenatal patients and were shared with patients’ local health departments in order to connect them with support services. The letter states that a review of the obstetric clinic practices performed by the privacy office revealed that screening forms completed by women who were not eligible for Medicaid may have mistakenly been sent to the county health department where they live.
“If you completed a pregnancy home risk screening form, it may have included information about you, such as demographic information (like your name and address), your race and ethnicity, your Social Security Number, information about your physical and mental health, sexually transmitted diseases, your HIV status, smoking, drug and alcohol use, and medical diagnosis information related to your pregnancy and any prior pregnancies,” the letter to the patients states.
The letter also verifies that all county health departments which may have received these forms are subject to federal and state privacy laws requiring that appropriate technical, administrative and physical safeguards be in place to protect medical information in all forms in their possession. The organization has also requested that the county health departments purge electronic information about non-Medicaid patients from their electronic information systems.
In addition, UNC Health Care noted that the obstetric clinics have revised their process and procedure for patients completing the pregnancy home risk screening form to ensure that only forms completed by Medicaid patients are sent to county health departments. Further, all appropriate personnel have been trained on this new process the press release noted.
