Patients at UNC Health Notified of Potential Privacy Issue
According to a Nov. 5 press release, UNC Health announced that it is mailing letters to 946 patients to notify them that “certain limited billing information associated with their account may have been accessed by another person without appropriate authorization.”
The release states that “On Sept. 9, 2021, UNC Health initiated an internal review of billing fields in its electronic medical record system. One of the billing fields in the electronic medical record system can be used to identify an individual who is authorized to have access to the patient’s billing information. By listing an individual in this field, the individual can then electronically access certain limited billing information associated with the patient. Typically, the individual listed in the field is a relative of the patient or someone else who has appropriate access to the patient’s billing information. Following UNC Health’s review, it was not able to conclusively determine, in 946 cases, that the individual named in the patient’s account was in fact authorized to access the patient’s billing information. Although UNC Health believes that with respect to many of the 946 cases, the individual listed may be a relative or someone who does appropriately have access to the patient’s billing records, UNC Health is notifying all 946 patients of the issue.”
Further, “Information accessed by the individual named in the patient’s account includes demographic information (such as patient name and address) and limited clinical information (such as dates of service and a brief description of the services provided on those days) as well as information about the charges and payments related to these services. No credit card, debit card, or bank account numbers, driver’s license numbers, insurance identification numbers, or Social Security numbers could have been or were accessed. Accordingly, UNC Health has no reason to believe that any affected patient is or will be at financial risk as a result of this issue.”
The release continues that in response to this issue, UNC Health cleared and reset the field in its EHR system so that anyone who was previously authorized to access patient billing information by being listed in the field will no longer have such access. Patients were also provided with instructions on how to regain access to their billing information for the named individual. UNC has also changed its EHR system administration to limit staff members who have access to update the field and retrained the staff who will continue to have access to update the field.