Baystate Health recently addressed a privacy incident that involved the accidental disclosure of a patient’s medical records. On August 1, 2024, Baystate learned that another patient had inadvertently received a copy of someone else’s medical records due to an error by the Health Information Management department. The incident occurred on July 16, 2024, when an employee mistakenly mailed the wrong records, leading to a review to understand the scope of the breach. Baystate confirmed that the recipient returned the misdirected documents.
The information exposed in the error included sensitive personal and clinical details such as the patient’s name, address, date of birth, Social Security number, phone number, visit notes, laboratory results, medications, and radiological images. The records pertained to treatments conducted between December 2013 and June 2024. While Baystate stated that it has no evidence of any misuse of the disclosed Social Security number, it acknowledged the seriousness of the situation and its potential impact on the affected patient.
In response to the breach, Baystate implemented corrective measures, including taking appropriate action with the employee involved in the error. The organization also extended a complimentary two-year membership in Experian’s IdentityWorks Credit 3B to the affected patient. This identity protection service is designed to monitor for potential misuse of personal information and offers support for identity theft resolution. However, due to privacy regulations, Baystate cannot directly enroll patients in this service.
Baystate emphasized its commitment to protecting patient privacy and expressed regret for the incident. The organization encouraged affected individuals to contact their office with any questions or concerns, providing both a phone number and email for further assistance. Baystate reassured its patients that measures are being taken to prevent similar incidents in the future and to safeguard sensitive information.
Reference:
