About 1,200 UTMB patients notified of possible privacy violation

February 11, 2010 8:25:20 AM PST
The University of Texas Medical Branch at Galveston has mailed letters to approximately 1,200 patients whose confidential information had been accessed by an employee of a company hired by UTMB to assist with billing from third-party payers. According to UTMB, MedAssets, a Georgia-based company, employed the individual who accessed the information between July and October of 2009. On December 15, law enforcement officials notified MedAssets that a former employee had been arrested and charged with identity theft; this person is alleged to have used a stolen identity to misrepresent herself and gain employment at MedAssets, and is alleged to have been involved in other unrelated instances of identity theft. None of the charges to date are related to information she obtained during her employment with MedAssets.

UTMB was notified about the incident on January 21 and has been working with law enforcement and MedAssets officials since then.

"We place a priority on our patients' privacy and we sincerely regret this incident," said Carolee King, UTMB vice president for legal and regulatory affairs. "We have reviewed our policies and processes related to vendor access to our systems closely and have enhanced them to ensure that are doing the most we can to protect our patients' information."

In letters UTMB sent to affected patients, they are offered identity theft protection paid by MedAssets. Additionally, they are provided information on obtaining a free copy of their credit reports and how to place a fraud alert on their credit files. Patients are also provided with the names and contact information for law enforcement officers who are investigating the incident. Patients may also visit a special website, http://www.utmb.edu/idtheft_resources/, set up by UTMB to provide additional help and guidance.

UTMB says they will continue to work with MedAssets to protect personal information in their possession and will regularly review and enhance internal procedures and policies with respect to patient information.