A Health Information Portability and Accountability Act (HIPAA) breach was recently discovered, which might affect the privacy and security of certain health information of some obstetrics and gynecology (OB/GYN) patients treated at Regional One Health (ROH).
The breach may have included the following patient information: first and last name, medical record number, age, date of admission, allergies, service, resident assigned, parity, diagnoses, prenatal provider, laboratory results, medications, fetal or delivery details, contraception, type of infant feeding, and information regarding follow up care.
It is important to note that no other protected health information (PHI), such as date of birth, address, social security number, credit card information, bank account information, or other financial information, was involved.
Through an agreement with ROH, residents from the University of Tennessee Health Science Center see patients at the hospital. Residents are supervised by fully licensed physician faculty members of the University of Tennessee Health Science Center. Beginning in November 2014, the University of Tennessee Health Science Center contracted with a company called KMJ Health Solutions, Inc. (KMJ) to procure a patient handoff software for use by their OB/GYN residents that helps support the appropriate transfer of care and responsibility of patients from one health care provider to another.
On or about November 29, 2023, KMJ reported a security incident to the University of Tennessee Health Science Center after detecting an outage with its computer network server. KMJ’s technical experts immediately erased and reformatted the impacted server’s hard drive. KMJ also hired a cybersecurity firm to assess the nature and scope of KMJ’s malfunctioning server to determine whether it presented any potential threats to KMJ’s computer systems. The investigators were unable to find artifacts or indicators to make a definitive ruling.
Read more at our UTHSC news site.