If you had an operation at Sonoma Valley Hospital between July 1, 2011, and June 30, 2012, you may have left more than your appendix behind.
The Hospital admitted this week that on Feb. 14, an employee accidentally posted personal information for 1,350 surgery patients on the hospital website – including patient’s names, procedure, surgeon, date of service, hospital charges and the name of insurance companies.
According to press reports in healthitsecurity.com, the hospital didn’t learn of the accidental posting until April 17, which means the information was freely available on the Internet for over two months.
When the discovery was made in April, SVH says they told the affected patients immediately though the news has only reached the press this week.
Other stories in the Sonoma Valley Sun , the Press Democrat and elsewhere confirm the general outline of the incident.
According to the North Bay Business Journal, “Such a disclosure is in violation of the Health Insurance Portability and Accountability Act, the institution said. A 1981 California law allows for damages of $1,000 per patient whose private record was wrongfully disclosed.”
On the bright side, the information posted did not include Social Security numbers, birthdates, driver’s license information or personal addresses, according to Rick Reid, chief financial officer and compliance officer for 83-bed Sonoma Valley Hospital.
