Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft, The Chronicle has learned.
The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients’ physicians also were available online.
The breach was discovered Oct. 9, but the medical institution did not send out notification letters to the 6,313 affected patients until early April, nearly six months later.
The consequences of health care data breaches can be significant, said experts. Sensitive information can be used by employers, health insurers and other entities to discriminate. Additionally, thieves can use purloined information to obtain medical treatment and prescription drugs and to file false medical claims.