UC San Diego Health Notifies Patients About Vendor Data Collection Issue

On March 16, UC San Diego Health notified patients of a vendor data collection issue. UC San Diego Health’s vendor, Solv Health, used analytics tools without authorization on the scheduling websites for the organization’s Urgent Care and Express Care clinics. Solv Health’s analytics tools captured and transmitted information to its third-party service providers.

The notice says that “Solv Health hosted and managed UC San Diego Health’s scheduling websites for our Express Care and Urgent Care locations. Our Urgent Care is located in La Jolla at 8910 Villa La Jolla Drive, and our Express Care locations include:

• Downtown San Diego - 203 West F St.
• Encinitas - 1505 Encinitas Blvd.
• Eastlake/Chula Vista - 2295 Otay Lakes Road, Suite 110
• Pacific Highlands Ranch - 6030 Village Way, Suite 200
• Rancho Bernardo - 16950 Via Tazon”

Further, “For those who used the scheduling website, between September 13 and December 22, 2022, to book appointments for in-person or video visits at our Express Care or Urgent Care locations, the analytics tools may have captured the following information: first and last name, date of birth, email address, IP address, third-party cookies, reason for visit, and insurance type (e.g., PPO, HMO, Other).”

The notice says that the analytics tools did not collect Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information. The scheduling websites are not part of UC San Diego Health’s electronic health record systems or MyUCSDChart—no information stored in MyUCSDChart was affected by Solv Health’s use of analytics tools.

UC San Diego Health is notifying individuals whose data may have been impacted. The organization says that letters will be mailed on March 20, 2023 to patients with addresses on file.

The notice adds that “In order to protect patient information, UC San Diego Health has taken the following measures:

• Directed Solv Health to remove the analytics tools from the scheduling websites immediately upon our initial discovery of the issue in late December.
• Worked with Solv Health to investigate the issue and identify individuals whose data may have been impacted.
• Transitioned to a new online scheduling tool for our Express Care and Urgent Care Locations.
• Enhanced our vendor assessment and management procedures.
• Notified the U.S. Department of Health and Human Services and applicable California State regulatory agencies of this incident.
• Notified the local media to ensure that all impacted individuals are aware of the breach.”

UC San Diego Health has established a dedicated call center, supported by Experian, to answer questions.