At University of Missouri Health Care, we take privacy very seriously, and it is important to us to notify individuals of any potential privacy issues that may impact them.
Upon learning on March 20, 2023, that a workforce member may have been accessing health information in the electronic medical record (EMR) inappropriately, we immediately began an investigation and suspended the workforce member’s access to the EMR.
The subsequent investigation revealed the workforce member used the electronic medical record (EMR) to access 736 medical records between July 2021 and March 2023 potentially without a verified Health Insurance Portability and Accountability Act (HIPAA) purpose.
The accesses may have contained patient information including name, date of birth, medical record number, and limited treatment and/or clinical information, such as diagnostic and/or procedure information.
To date, there is no indication that the information was misused or re-disclosed. However, MU Health Care began mailing notification letters to patients whose information may have been inappropriately accessed, alerting them to the incident and advising them to be vigilant in the event of any suspicious activity involving their accounts.
MU Health Care deeply regrets any concern or inconvenience this incident may cause and remains committed to protecting the security and confidentiality of its patients’ information. We have taken appropriate action according to applicable policies and procedures and to help ensure that a similar incident like this does not occur in the future, we will continue to provide workforce education and training regarding appropriate access to patient information.
Individuals with questions can call MU Health Care’s Privacy Office at (888) 850-2357, between 8 a.m. and 5 p.m. Central Time, Monday through Friday.