The University of Arkansas for Medical Sciences (UAMS) in Little Rock said that it has experienced a data breach involving the records of 7,000 patients who had interventional radiology procedures between 2009 and 2011.
The breach occurred when financial data were not anonymized before being sent to an individual -- who was not an employee of the academic health center -- for analysis of billing charges in mid-February 2012. A Web-based email service was used.
UAMS discovered on April 6 that the data contained patient names, UAMS account numbers, dates of service, interventional radiology procedures, diagnosis codes, and charges and payments. When contacted, the recipient said that he did not look at or use patient names when preparing the financial analysis and did not disclose the information he had received to anyone else.
All patients were sent a letter advising them of the breach, and UAMS established a toll-free number to handle questions and concerns.