Paperwork That Contains PHI of Oklahoma Heart Hospital Patients Unintentionally Given to Charity

Oklahoma Heart Hospital has begun informing a number of patients regarding a privacy incident wherein paperwork that contains some patient data was unintentionally contributed to charity.

A former worker had written notes by hand that included the protected health information (PHI) of some patients while that person was employed at Oklahoma Heart Hospital from 2011 to 2014.

A few of the ex-worker’s personal belongings were contributed to charity in May 2021, accidentally including the handwritten notes in the given stuff. The person who discovered the written notes contacted Oklahoma Heart Hospital and made arrangements to promptly pick up the paperwork. The paperwork were then cataloged to determine the patients included and the types of data that were exposed.

The notes contained data for example patients’ names, health record numbers, OHH visit numbers, birth dates, ages, genders, admit dates, and clinical data composed of diagnosis, laboratory results, prescription drugs and/or treatment details. No data was compromised that would have given unauthorized people access to the patient electronic health record systems.

Although the PHI of a number of patients was seen by a person not permitted to see the data, Oklahoma Heart Hospital hasn’t found any proof to indicate the further disclosure or misuse of any patient data; nonetheless, as a safety precaution, all impacted people received notification by mail and instructed to keep track of their account and explanation of benefits statements for indications of fraudulent transactions.

Oklahoma Heart Hospital has reported the privacy breach to the Department of Health and Human Services’ Office for Civil Rights as impacting 1,038 patients.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at