An anonymous individual called Norfolk, Va.-based Sentara Healthcare to notify the hospital that a PDF copy of a Medicare remittance report for Sentara's lab services was uploaded to an Adobe Acrobat website.
On Dec. 19, an individual called the Sentara Compliance Hotline to notify the hospital of the uploaded report. The hospital then visited the site and confirmed that the PDF was from its Sentara's lab services, according to a breach notification from Sentara.
According to the hospital, the PDF was uploaded on Oct. 17 by an individual who was an employee of its medical billing vendor Coronis Health.
On Dec. 20, Coronis Health removed the file from the Adobe site, fired the employee and began retraining employees on how to handle protected health information.
The report contained the protected health information of 741 patients.
Some of the information in the report included patients' names, Medicare ID numbers, dates of service, Current Procedural Terminology codes, the last four digits of their account numbers, the location of service and any outstanding balances on their accounts.
Sentara said it is notifying all affected individuals.