High quality health care provided in a safe, patient- and family-centered environment is the foundation of Emory Healthcare’s mission. At Emory Healthcare, we’re committed to transparency in communications with our patients, recognizing your right to be informed about all aspects of your care, treatment and service.
With that said, we want to inform our community of a recent situation that may impact some of our patients. Emory Healthcare has determined that 10 backup discs containing information on surgical patients treated between September 1990 and April 2007 are missing from a storage location at Emory University Hospital.
Upon discovery that the discs were missing, an extensive search and investigation was initiated and is continuing. It is important to note that there was no actual or attempted breach or “hacking in” of Emory’s electronic medical records or other systems.
Our investigation into the matter has determined that the discs were removed between February 7, 2012, and February 20, 2012. The information contained on the missing discs is related to approximately 315,000 surgical patients treated at Emory University Hospital, Emory University Hospital Midtown (formerly Emory Crawford Long Hospital) and The Emory Clinic Ambulatory Surgery Center. The information did not relate to patients at other Emory Healthcare facilities or to patients treated after April 2007. Approximately 228,000 of the records on the discs included Social Security numbers; another approximately 87,000 records did not include Social Security numbers.
“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” said John T. Fox, president and CEO of Emory Healthcare. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe. We are moving forward expeditiously with providing all affected patients, at our cost, access to identity protection services, including credit monitoring.” Our patients are being informed through personal letters mailed to their homes, which provides details on the occurrence, actions taken to locate the discs and steps patients can take now to protect themselves against possible identity theft. Emory Healthcare is recommending that individuals regularly review their credit reports for anything they do not recognize, and to consider using the other services being provided by Emory, as specified in the letter. For more information on steps patients can take to avoid potential problems, view Emory Healthcare’s “Notice to Our Patients” at www.emoryhealthcare.org/protection.
Our Emory Healthcare culture supports open organizational dialogue. We are grateful for all of our team members who support our culture by raising their hands when they find an opportunity for us to learn from teachable moments such as this one.
Emory Healthcare has launched an institution-wide initiative to reinforce and clarify existing policies and procedures for safeguarding the security and privacy of sensitive information. In addition, Emory is conducting a comprehensive inventory of all physical spaces across the system to ensure data are properly secured.
A toll-free Emory Healthcare Support Center hotline (1-855-205-6950) providing information on the incident has been established to address patient questions and is available 9 a.m. to 6 p.m. (Eastern Daylight Time).
For more information, patients may also visit: www.emoryhealthcare.org/protection.