Stolen Documents with PHI Found by a KHOU Employee in Houston Street

A staff of KHOU 11, a CBS-affiliated television station, found abandoned documents that include the protected health information (PHI) of roughly 1,800 patients in a street in Midtown, Houston. The documents had information like the patients’ names, details of diagnosis, treatments, prescribed medications, vital signs, birth dates and admission dates.

KHOU began an investigation and established that the patient documents belonged to five Houston hospitals – MD Anderson Cancer Center, TIRR Memorial Hermann, LBJ Hospital, Memorial Hermann Hospital and Children’s Memorial Hermann. The investigation was concluded with UT Health. According to the report, the physical documents were taken in July from the trunk of a car belonging to a medical resident enrolled at UTHealth’s McGovern Medical School and worked at the aforesaid hospitals as well.

The UT Health officers explained to KHOU that they are aware of the breach nevertheless it wasn’t reported to the law enforcement yet. It was just reported right after KHOU reporters interviewed the medical student. The representative of UTHealth stated that investigation of the PHI breach was immediately launched. Evidently, the stolen documents were disposed of on a city street and were found one day after, which is when a KHOU-TV Channel 11 employee found it. The employee collected the paper files and sent them back to UTHealth for secure keeping. UTHealth didn’t get any report that suggest unauthorized persons viewed any data in the paperwork.

Many questions about the breach still have no answers. Why would any body take the paperwork from the hospital? Why did UTHealth delay the reporting of the theft to the police? What is the reason for not notifying the hospitals regarding the breach? Why wait until KHOU discovered the documents with PHI? UTHealth gave an announcement that affected hospitals will be notifying all patients affected by the breach soon.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at