Employee shares urology patient info with competitor

April 12--An administrative employee at a Knoxville urology practice released names and addresses of more then 1,100 patients to a competing medical provider in recent months, violating federal patient privacy laws.

The information taken from University Urology, P.C. did not include Social Security numbers, clinical information or financial accounts, according to a release posted on the practice's website and distributed to media by the Knoxville-based Hodges, Doughty & Carson law firm Friday afternoon.

The employee at University Urology, located near the University of Tennessee Medical Center on Alcoa Highway, passed along the names and addresses of 1,144 patients in late 2013 and early 2014 with the intention of allowing the other medical practice to solicit those patients, according to the release.

The breach is a violation of the Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA.

Although University Urology is contacting affected patients by mail, federal law requires the practice to publicly announce the breach.

Calls to University Urology were not immediately returned Friday afternoon, and an attorney with Hodges, Doughty & Carson declined to comment beyond the release.

"We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred," said Peggy Kares,the HIPAA security officer at University Urology.

The practice first discovered the leak when staff began receiving calls Feb. 13 from concerned patients who said they were getting solicitation letters from a competing provider.

University Urology has fired the employee, changed network passwords and reached an agreement with the other provider to destroy all names, addresses and patient information.

It also stopped allowing administration staff to access patient information and re-trained current employees on patient privacy, according to the public statement.

Though it does not appear identity theft was the motive for the breach, the practice is encouraging all patients to monitor their credit cards, bank statements and other financial information.

Patients seeking information can go to www.urologypc.net or contact Kares at 865-305-5329 or toll free at 800-776-7623.

___

(c)2014 the Knoxville News-Sentinel (Knoxville, Tenn.)

Visit the Knoxville News-Sentinel (Knoxville, Tenn.) at www.knoxnews.com

Distributed by MCT Information Services