Notice of Disclosure of Protected Health Information
On December 19, 2022, we received a report from an anonymous individual to the Sentara Compliance Hotline. The person made us aware that while searching online for information about converting a PDF to a different format, they noted that an individual had uploaded a PDF copy of a Medicare remittance document to an Adobe Acrobat website. In response to this report, we went to the website and confirmed that a PDF copy of a Medicare remittance report for Sentara Lab services had been uploaded to the Adobe Acrobat site on October 17, 2022. On that same date, we identified that the individual who uploaded the document was an employee of our business associate, Coronis Health (“Coronis”). Sentara Lab Services contracts with Coronis to assist with processing billing related information for lab related services.
We notified Coronis of this matter on December 19, 2022. Coronis took immediate steps to investigate this matter and to remove the information from the Adobe Acrobat site. The PDF was removed from the Adobe Acrobat site on December 20, 2022. Coronis terminated the employee who posted the information to the Adobe Acrobat site. Coronis then re-trained and re-educated their entire team on Coronis Health policy and procedure regarding the proper use and handling of protected health information.
The information for each affected individual included their name, their Medicare ID number, the date of service, Current Procedural Terminology or “CPT” codes (codes used to describe medical procedures performed by health care providers), the last four digits of the account number, the location of service (the Sentara Lab), and any outstanding balance on the account. No other information was disclosed as a result of this matter.
Sentara is notifying potentially impacted patients via written letter for those individuals for whom we have a valid mailing address. That notice will include information on steps individuals can take to protect themselves against potential fraud or identity theft. We are providing free credit monitoring to individuals whose information was included. Additionally, as a general matter, we recommend that individuals regularly monitor credit reports, account statements and benefit statements. If individuals detect any suspicious activity, they should notify the entity with which the account is maintained, and promptly report any fraudulent activity to proper law enforcement authorities, including the police and their state attorney general. In addition, anyone looking for information on fraud prevention can review tips provided by the FTC at www.ftc.gov/idtheft.
We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls.
Patients with further questions can call 1-833-723-0582 from 9:00 a.m. to 5:00 p.m. ET, Monday through Friday.
We notified Coronis of this matter on December 19, 2022. Coronis took immediate steps to investigate this matter and to remove the information from the Adobe Acrobat site. The PDF was removed from the Adobe Acrobat site on December 20, 2022. Coronis terminated the employee who posted the information to the Adobe Acrobat site. Coronis then re-trained and re-educated their entire team on Coronis Health policy and procedure regarding the proper use and handling of protected health information.
The information for each affected individual included their name, their Medicare ID number, the date of service, Current Procedural Terminology or “CPT” codes (codes used to describe medical procedures performed by health care providers), the last four digits of the account number, the location of service (the Sentara Lab), and any outstanding balance on the account. No other information was disclosed as a result of this matter.
Sentara is notifying potentially impacted patients via written letter for those individuals for whom we have a valid mailing address. That notice will include information on steps individuals can take to protect themselves against potential fraud or identity theft. We are providing free credit monitoring to individuals whose information was included. Additionally, as a general matter, we recommend that individuals regularly monitor credit reports, account statements and benefit statements. If individuals detect any suspicious activity, they should notify the entity with which the account is maintained, and promptly report any fraudulent activity to proper law enforcement authorities, including the police and their state attorney general. In addition, anyone looking for information on fraud prevention can review tips provided by the FTC at www.ftc.gov/idtheft.
We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls.
Patients with further questions can call 1-833-723-0582 from 9:00 a.m. to 5:00 p.m. ET, Monday through Friday.