Harris Health’s investigation determined that the impermissible access to patient information occurred between January 4, 2011, and March 8, 2021. The patient information involved may include: demographic information (name, date of birth, address, email address, telephone number, medical record number); clinical information (diagnoses, medical history, medications, immunizations, provider name, dates of service); and insurance information, which for a limited number of patients may have contained their Social Security number.
Beginning today, Harris Health is mailing notification letters to patients whose electronic medical record may have been impermissibly accessed by the former employee. Patients are encouraged to review any statements they receive from their health insurers and report any charges for services they did not receive to the insurer immediately. Harris Health is also offering to patients whose Social Security number may have been involved with complimentary credit monitoring and identity protection services. Information on how to activate those services is included in the letters being sent to those patients. Harris Health has also established a dedicated toll-free call center for patients to call with questions at 1-866-291-1870, available Monday through Friday between 8 a.m. to 5:30 p.m. Central Time.
Harris Health takes the privacy of its patients’ information very seriously. Harris Health terminated the employee responsible for the incident and will continue to take steps to help prevent a similar incident from occurring in the future, including thoroughly investigating privacy complaints and providing ongoing training to its workforce of the importance of protecting patient privacy. Harris Health has also implemented enhanced proactive monitoring and auditing capabilities that will assist Harris Health in detecting and preventing similar incidents from occurring in the future.