HIPAA Privacy Breach Notification for Current and Former BCHS Patients
Berea College Health Service (BCHS), a department of Berea College and medical care provider for the Berea College campus community, recently recognized during a review that it did not have a written agreement to protect patients’ medical privacy with a contractor who handled insurance billing for BCHS from January 2012 through October 2013. The provisions of the Health Insurance Portability and Accountability Act (HIPAA) required BCHS to have such an agreement in place when the contractor began providing services in January 2012.
Although this contractor had access to medical records, including names, addresses, dates of births, insurance numbers, social security numbers, and diagnosis and treatment information, BCHS has no reason to believe that any patient information has been misused or disclosed inappropriately. We did not have a written agreement in place because BCHS failed to request it. The contractor has advised us that patient health information was used and disclosed only for BCHS billing and for no other purpose, and we have been assured that the contractor has returned to BCHS or destroyed any patient information that she might have accessed. Nevertheless, we are obligated to notify you of this issue.
We assure you that BCHS and Berea College are treating this matter very seriously and we are working to ensure something like this does not happen again. Going forward, BCHS will obtain written agreements assuring the security of your health information with all vendors whose services require access to patient information.
BCHS previously sent notification letters to patients who may be affected by this situation; however, some of them were returned to us. We are posting this notice in hopes of reaching as many affected persons as we can. If you did not receive a notification letter and are concerned you might have been among the affected patients, please call 800-457-9846 and ask to be transferred to Ms. Amy Grant, BCHS office manager. She will let you know if you were among those affected.
While we emphasize that we have no evidence that patient information has been misused, we encourage patients who believe they might have been affected to visit www.annualcreditreport.com to review their free credit reports for any unusual activity, and to review mailings from their health insurer for any treatment they did not receive.
BCHS and Berea College take patient privacy and their obligations under HIPAA very
seriously. The privacy and security of patient health information are among our highest
priorities. If you have questions about this notice or want to learn additional information,
such as whether your information was affected, please call the 1-800 number listed above or write to Berea College Health Services, CPO 2174, Berea College, Berea, KY 40404.
We regret any inconvenience or concern that this matter may have caused you.