1. Cybersecurity
    2. Privacy/Security

    UC San Diego Health Notifies Patients About Vendor Data Collection Issue

    March 17, 2023
    UC San Diego Health notified patients on its website on March 16 that one of its vendors, Solv Health, used analytics tools without permission on scheduling websites
    Photo 245691320 © Rawf88 | Dreamstime.com
    Dreamstime Xxl 245691320 64147846e6d73

    On March 16, UC San Diego Health notified patients of a vendor data collection issue. UC San Diego Health’s vendor, Solv Health, used analytics tools without authorization on the scheduling websites for the organization’s Urgent Care and Express Care clinics. Solv Health’s analytics tools captured and transmitted information to its third-party service providers.

    The notice says that “Solv Health hosted and managed UC San Diego Health’s scheduling websites for our Express Care and Urgent Care locations. Our Urgent Care is located in La Jolla at 8910 Villa La Jolla Drive, and our Express Care locations include:

    • Downtown San Diego - 203 West F St.
    • Encinitas - 1505 Encinitas Blvd.
    • Eastlake/Chula Vista - 2295 Otay Lakes Road, Suite 110
    • Pacific Highlands Ranch - 6030 Village Way, Suite 200
    • Rancho Bernardo - 16950 Via Tazon”

    Further, “For those who used the scheduling website, between September 13 and December 22, 2022, to book appointments for in-person or video visits at our Express Care or Urgent Care locations, the analytics tools may have captured the following information: first and last name, date of birth, email address, IP address, third-party cookies, reason for visit, and insurance type (e.g., PPO, HMO, Other).”

    The notice says that the analytics tools did not collect Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information. The scheduling websites are not part of UC San Diego Health’s electronic health record systems or MyUCSDChart—no information stored in MyUCSDChart was affected by Solv Health’s use of analytics tools.

    UC San Diego Health is notifying individuals whose data may have been impacted. The organization says that letters will be mailed on March 20, 2023 to patients with addresses on file.

    The notice adds that “In order to protect patient information, UC San Diego Health has taken the following measures:

    • Directed Solv Health to remove the analytics tools from the scheduling websites immediately upon our initial discovery of the issue in late December.
    • Worked with Solv Health to investigate the issue and identify individuals whose data may have been impacted.
    • Transitioned to a new online scheduling tool for our Express Care and Urgent Care Locations.
    • Enhanced our vendor assessment and management procedures.
    • Notified the U.S. Department of Health and Human Services and applicable California State regulatory agencies of this incident.
    • Notified the local media to ensure that all impacted individuals are aware of the breach.”

    UC San Diego Health has established a dedicated call center, supported by Experian, to answer questions.

    Continue Reading

    Sponsored Recommendations

    Six Cloud Strategies to Combat Healthcare's Workforce Crisis

    The healthcare workforce shortage is a complex challenge, but cloud communications offer powerful solutions to address it. These technologies go beyond filling gaps—they are transformin...

    Transforming Healthcare with AI Powered Solutions

    AI-powered solutions are revolutionizing healthcare by enhancing diagnostics, patient monitoring, and operational efficiency - learn how to integrate these innovations into your...

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.