Patient contacts lawyer after protected health information compromised
Hazleton resident Shannon Konopinski worries her personal health information and family medical history could end up on the Internet and she has contacted lawyers.
She is upset about a letter she received stating that a former Geisinger Wyoming Valley Medical Center physician sent her protected health information to his home e-mail in an un-encrypted manner.
Konopinski was one of nearly 3,000 patients that Geisinger Health System notified in letters stating their protected health information was disclosed in an unauthorized manner.
The letters state that former Geisinger Wyoming Valley Medical Center gastroenterologist Dr. David C. Shaefer e-mailed a limited amount of protected health information from a Geisinger computer to his home e-mail account in an un-encrypted manner so he could analyze his procedures.
Anyone who did not receive a letter and has questions should call 1-888-777-9863.
Schaefer no longer works for Geisinger and he could not be reached for comment Tuesday. When asked why he is no longer with Geisinger, spokesman Matthew Van Stone said he could not comment on personnel issues.
Van Stone said it is unlikely that anyone except the physician saw the information. Since he sent patient information in an un-encrypted manner over an Internet connection, however, Geisinger took "appropriate action" and notified patients through letters and a press release.
According to the press release from Geisinger, the information includes patient names, Geisinger medical record numbers, procedure, indications and the physician's brief impressions regarding the care provided. It did not include addresses, telephone numbers, Social Security numbers, patient account information or any financial information that could make affected patients vulnerable to identity theft.
"Immediately upon speaking with the physician, he contacted and authorized his home e-mail provider to delete the protected health information from its network and servers," said Geisinger Privacy Officer John Gildersleeve. "He also deleted this information from his home computer."
Geisinger notified patients as part of its health information security program and in compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
"We have reviewed our internal practices and taken appropriate action to avoid reoccurrence," Gildersleeve said. "With the short time frame and the doctor's forthright explanation, we believe there is little risk that the protected health information was seen by anyone other than the physician himself. We take our commitment to maintaining our patients' privacy seriously and regret any inconvenience this inadvertent disclosure may have caused."