UAMS victim of a personal information breach

LITTLE ROCK, Ark. (KNWA/KFTA) – The University of Arkansas for Medical Sciences announced in a January 21 press release a breach of the personal information of its patients.

According to the statement, UAMS learned on November 29, 2021, that a former employee had, on November 15, sent emails with patient information attached from his UAMS email account to his personal email.

The information contained the names of 518 patients, their hospital account numbers, dates of service, type of insurance, claim information for billing purposes, medical record numbers and, for a number of patients, their dates of birth and medication information.

The attachments also consisted of Excel spreadsheets used for internal billing compliance audit purposes and/or billing statements sent to the health system for reimbursement.

UAMS says no bank account information, home address, driver’s license number or social security number was included. The attachments also did not include any clinical documents or medical records.

After discovering the violation, the health system filed a police report with the UAMS Police Department. The Vice Chancellor for Compliance has also contacted the employee, who insists it was a mistake, saying he did not keep or share any of the information.

“UAMS takes patient privacy and safety seriously, and when we discovered this error, we did everything we could to mitigate the risk and prevent similar incidents from occurring.”

Heather Schmiegelow, JD, UAMS HIPAA Privacy Officer

According to UAMS, it has policies and procedures to safeguard and protect the confidentiality and security of patient health information, and all employees are trained in these policies and procedures.

“Each year, all employees must complete annual HIPAA training. UAMS HIPAA training includes topics such as employees using and accessing patient health information for legitimate and authorized purposes necessary to perform their job duties,” the health system said.

Patients affected by the incident are being notified by email and through the health system’s website.

Other patients who have questions or concerns about their information can contact the UAMS HIPAA office by email at hipaa@uams.edu or by phone at 501-603-1379. They can also call the Compliance Hotline at 1-888-511-3969 after hours and on holidays.