Chapel Hill, N.C.-based UNC Health is notifying 946 patients that billing information linked to their accounts might have been accessed by another person who was incorrectly given access.
Four details:
- The health system initiated an internal review Sept. 9 of billing fields in its EHR, according to a Nov. 5 news release. One of the billing fields identifies who is authorized to access patient billing information, and individuals in this field can access the patients' billing information. The individual listed in the field is typically a relative of the patient or someone who has access to their billing information.
- For 946 patients, the health system was unable to confirm that the individual listed in the field was authorized to have access to the patients' billing information. Patients' information that may have been inappropriately accessed includes names, addresses, charges or payments for services, and medical-related information.
- Credit card information, Social Security numbers and payer identification numbers were not compromised, according to the release. The health system said there is no reason to believe any affected patients are or will be at financial risk as a result of the breach.
- To mitigate the risks of a similar event, UNC Health cleared and reset this field in its EHR so anyone previously allowed to access patients' billing information no longer has access. UNC Health also changed its EHR administration to limit the number of employees who have access to update this field and retrained their employees who will continue to have access to update this field.