Message fromFenway Health regarding HIPAA Breach
On or about September 25, 2023, Fenway Health began hearing from some of our patients reporting that they had been sent invoices intended for other Fenway Health patients. The invoices identified the Fenway Health patient who had received services, the name of the clinician who provided care to the patient, the date(s) of service, and the amount due for those services.
Fenway Health immediately contacted the vendor used to mail out invoices and learned that that a single stray character in the data file used by the vendor to print invoices caused a misalignment of the mailing information and the patient invoice information, and that 600 patients were affected.
Fenway Health corrected the patient record that caused the misalignment and our vendor has instituted protocols to scan data files looking for errors that might disrupt the accurate alignment of information or otherwise cause patient data to be sent to the incorrect address. As part of Fenway Health's ongoing commitment to the security of information, all policies and procedures related to this data error are being reviewed and additional training is being conducted to reduce the likelihood of a similar future event.
Patients' personal information was not published or shared beyond mailing it to another individual, nor was the personal information stolen by an unauthorized actor. To date, Fenway Health has no evidence of any actual or attempted misuse of patient information as a result of this incident.
Fenway Health is deeply committed to maintaining the privacy of our patients, and impacted patients are being notified by mail. Fenway Health encourages all patients to remain vigilant against incidents of identity theft and fraud, to review their account statements and explanation of benefit forms, and to monitor their free credit reports for suspicious activity and to detect errors.