1,081 St. Louis Patients Notified About Inappropriate Disclosure of PHI

MS Center of Saint Louis and Mercy Clinic Neurology Town and Country told 1,081 of its patients that some pharmaceutical firms and third-party agencies may contact them for purposes of marketing and research, but these entities did not get permission or instruction from the hospitals.

Under HIPAA Rules, patients are not allowed to be contacted for the purpose of marketing or research except if the patients gave their consent first. But because of an error, the patients’ information were disclosed to third parties. As a result, the patients may possibly be contacted by phone, mail or email as.

The MS Center and Mercy Clinic Neurology Town and Country stated that they accidentally sent the medication onboarding forms to pharmaceutical companies, despite the fact that the patients have not signed the forms yet. The error likewise resulted in the impermissible disclosure of patients’ protected health information (PHI).

PHI specified on the forms included the patients’ names, home and email addresses, phone numbers, medical insurance details, and in some instances, treatment and prescription medication details and Social Security numbers.

Because of the sensitive nature of the PHI exposed, there is a probability that the data may be used wrongly, though MS Center and Mercy Clinic Neurology Town and Country are convinced that the data was been utilized for any other reason except for marketing and research. Nevertheless, as a precaution, all impacted persons were given the chance to sign-up for a year of credit monitoring and identity theft protection services for free.

Upon finding out about the error, the matter was investigated and the personnel likely involved were questioned regarding the occurrence. Policies and procedures were already adjusted to avoid the same incidents from happening again later on.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/