Over 1,300 Sonoma Valley Hospital patients have been told that some of their private medical information was mistakenly posted on the hospital’s website. The file contained the name, surgeon, date of procedure, hospital charges and insurance company name of patients who had surgery at the California hospital between July 1st, 2011 and June 30th, 2012.
The file was posted on February 14th and wasn’t discovered by state health officials until April 17th, when it was immediately taken down and the website “scrubbed” to ensure that no other confidential information available.
Breaches such as this are in violation of the Health Insurance Portability and Accountability Act (HIPAA). In this case, the employee who posted the file worked on the website and in the surgery department, two tasks that should be kept separate. An official at the hospital said that future work that’s done on the website will be done on a stand-alone computer that is not connected to patient-related information. All affected patients were notified by letter.
There have been similar cases at Santa Rosa Memorial Hospital as well as Valley Hospital in Napa.