University Urology, P.C. of Knoxville, Tenn. has acknowledged a security breach in which an administrative employee provided patient information to a competing healthcare provider for the purpose of the competitor soliciting patient business.
The information was limited to patient names and addresses of 1,144 patients, and University Urology said in statement posted on its website that the data provided to the competitor did not include any Social Security numbers, financial account information, clinical information or other information that is commonly used for identity theft.
This breach was discovered following an investigation that was initiated after University Urology, P.C. began receiving telephone calls on February 13, 2014, from concerned patients stating that they received solicitation letters from a competing provider.
Following its investigation, University Urology, P.C. responded by interviewing the administrative assistant involved in the breach, terminating any access of the administrative employee to University Urology, P.C. patient protected health information, terminating the administrative assistant, changing network passwords, and securing an agreement with the outside provider not associated with University Urology, P.C. to destroy all names, addresses, and patient information of any kind relating to patients of the organization.
While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft, according to the organization.