The Boston Globe reports that the Boston Medical Center (BMC) recently began notifying approximately 15,000 of its patients that doctors’ notes containing their personal information had been posted without password protection on the Web site of a transcription service used by BMC physicians (h/t HealthITSecurity).
The data exposed on MDF Transcription Services’ Web site included patients’ names, addresses and medical information, including prescriptions, but did not include Social Security numbers or financial information.
“We have no evidence that any unauthorized individuals actually looked at the records,” BMC chief of staff Jenni Watson told the Globe. “But we wanted to notify the patients involved.”
In a statement, the hospital said it immediately informed MDF and its subcontractors of the error when it was discovered on March 4, 2014.
“We take our responsibility to maintain our patients’ privacy very seriously and have notified all individuals who were affected by this vendor error. … As a result of this incident, we have terminated our relationship with MDF,” the hospital added.