MidMichigan notifies patients of potential breach

MidMichigan Medical Center-Alpena notified approximately 1,900 patients last week about a potential breach of personal data, according to a press release. The information may have included patient names, addresses, social-security numbers and clinical data.

The incident that gave rise to the medical center’s investigation occurred during the late evening hours of Nov. 18 when a physician inappropriately removed patient documents from MidMichigan Medical Center-Alpena’s cardiology office. The documents were transported in a storage container that was not properly secured. The storage container was dropped in a public parking lot in Alpena, and the contents spilled out onto the ground. Upon notification of the incident, the medical center contacted local law enforcement and they assisted in collecting the records.

“We believe that all of the records were retrieved and the risk to patients is low; however, that cannot be fully validated,” Richard Bates, M.D., vice president of medical affairs MidMichigan Medical Center-Alpena, said. “Therefore, upon completion of the investigation, we informed the physician’s patients to make them aware of the potential breach. As a result of the inappropriate removal of these records, the physician is no longer employed with the medical center.”

In addition to informing patients of the potential breach of personal data, the medical center also provided information regarding identity-theft protection.

“We deeply regret this situation occurred,” Bates said. “We take matters related to the security of our patients’ personal information very seriously because it is our responsibility to protect their privacy. We have rigorous processes and procedures in place to detect breaches and to protect patients’ rights.”

Those patients receiving a letter, and anyone else with questions related to this incident, may contact Stacey Crane, privacy officer, MidMichigan Medical Center-Alpena, at 356-5268.