Substitute Notification of Possible PHI Disclosure
Sep 13, 2023
NYC Health + Hospitals is posting this notice in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which requires NYC Health + Hospitals to notify affected individuals of the unauthorized disclosure of their protected health information (PHI). On May 17, 2023, NYC Health + Hospitals became aware that some of its patients’ PHI had been inappropriately disclosed; however, the Office of Corporate Compliance was not notified until July 25, 2023.
The incident that caused the unauthorized disclosure of PHI occurred at NYC Health + Hospitals/Kings County (“Kings County”) between February 2023 and April 2023, when a Kings County employee allowed a former Kings County employee access to Kings County to assist in the collection of specimens for laboratory tests from Kings County patients. The disclosed PHI included patients’ names, dates of birth, medical record numbers, locations within the hospital, and laboratory tests ordered.
No financial information or other identifiers were disclosed during the incident. There is also no evidence to suggest that the disclosed PHI has been misused in any manner.
If you had laboratory tests performed at Kings County between February 2023 and April 2023, your PHI might have been inappropriately disclosed. If you would like more information, please call us toll free at 888-91-HIPAA (888-914-4722) from 9:00 am to 5:00 pm (Eastern Time), Monday through Friday.
NYC Health + Hospitals has taken measures to ensure this type of incident does not occur again. Specifically, the employee who granted the former employee access to Kings County is no longer employed by NYC Health + Hospitals. In addition, a notice will be sent to NYC Health + Hospitals laboratory personnel advising them that they are prohibited from allowing non-employees access to any of its facilities. Consistent with federal regulatory requirements, NYC Health + Hospitals will notify the Office for Civil Rights (OCR), the federal oversight agency for HIPAA enforcement, of this incident.