HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
On September 8, 2020, Mary Rutan Hospital became aware of a potential Health Insurance Portability and Accountability Act incident. As required by federal regulations, Mary Rutan Hospital’s website had a link that provided information regarding Diagnosis Related Groups (“DRG”). A DRG is a patient classification system that standardizes prospective payment to hospitals. In general, a DRG payment covers all charges associated with an inpatient stay from the time of admission to discharge. This link made available a database in Excel sheet format that inadvertently included multiple tabs and on two of those tabs, patient health information (“PHI”) was included which consisted of patient account numbers, names, dates of birth, the dates of service, the reason for the visit, the DRG Code, the total cost of the visit, how much insurance paid, the adjusted amount, and the balance due, if any. The incident did not result in the exposure of any addresses, credit card information, Social Security Numbers, banking information, or other similar high-risk data. Mary Rutan Hospital does not have any actual knowledge that the link was ever accessed by a third party; however, out of an abundance of caution all affected individuals were notified via mail. Because of the limited information that may have been disclosed and the limited extent to which it would have been disclosed, we do not believe patients need to take any action to protect themselves from the effects of this incident. Upon discovering the link, Mary Rutan Hospital on September 8, 2020 deactivated the link and removed the tabs with patient PHI. Mary Rutan Hospital also implemented procedures to be followed prior to publishing DRG data on its website to prevent similar incidents. Individuals affected may contact Mary Rutan Hospital at the following toll-free phone number with questions or for additional information: 1-888-292-0910 or by emailing firstname.lastname@example.org.