LSU database gaffe leads to HIPAA breach

8,300 patients notified

This story has been updated. 

Siemens Healthcare and Louisiana State University at Shreveport are notifying 8,330 patients of a HIPAA breach following a database mishap that resulted in billing and treatment information being mailed to the wrong patients. 

Officials discovered the breach March 18 after LSU began receiving calls from patients saying their bills were incorrect. "After an investigation, it was discovered that an error had occurred in one computer data entry field," a LSU website notice reads. "When printing statements, this error caused the names and treatment information for one patient to incorrectly align with another person’s mailing address."
 
LSU Shreveport Spokesperson Sally Croom said a variety of medical treament data was compromised in the breach, such as complete blood count tests, vaccinations and other medical tests. The letters did not contain Social Security numbers, financial data and dates are birth, Croom confirmed. 
 
Notification letters were mailed to affected patients May 15. 
 
When asked whether Siemens Healthcare or LSU were responsible for the database error, Croom said, "Our focus has been on fixing the problem . . . and that involves safeguards for the database on both our parts," in an emailed statement to Healthcare IT News
 
Added Croom, "Patient privacy is very important to us at LSU Health Shreveport, and we will continue to work with Siemens to ensure that the billing process executes correctly and without errors."