Share Tweet Share Email Print

OHSU breach notification

This post provides substitute breach notification to 35 patients whom we could not otherwise directly notify
OHSU logo (stylized depiction of a flame in signature yellow, green , blue and dark grey)

On Feb. 8, 2021, OHSU business associate Med-Data, Incorporated (Med-Data) notified OHSU that a former Med-Data employee had posted patient information on a public website. After Med-Data discovered the posting, they immediately removed the information, conducted a forensic review to determine which OHSU patients were impacted and provided a list to OHSU. Med-Data helps OHSU identify health insurance options for its uninsured patients.

The posted information included patients’ full name, address, date of birth, medical record number, hospital name (OHSU), billing account number, health insurance plan name, health insurance subscriber identification number, clinical diagnosis, treatment information and billing claim information. The information did not include any financial information or Social Security numbers.

OHSU promptly notified all impacted individuals for whom it had addresses. Despite exhausting all possible contact options, OHSU was unable to directly notify 35 patients due to out-of-date contact information (no known home address or phone number, and MyChart account not activated).

This post is intended to provide substitute notice of breach to these patients because we could not otherwise notify them directly. If you received services from OHSU between 2018 and 2019 and did not have health insurance at the time you received those services, you may call 1- 833-860-0388 to determine whether your information was impacted.

Previous Story Settlement reached in sexual assault lawsuit