• UK HealthCare Public Notice

  • The University of Kentucky (UK) HealthCare is making public notice below of any incident involving the loss of UK HealthCare patient information. UK HealthCare takes seriously its commitment to safeguard the privacy of all patients and maintains this page as a means of communication to its patients about ongoing privacy issues. We have policies and procedures in place to protect patient information and reinforce those measures after any incident involving the loss of patient information.  


  • UK HealthCare Public Notices for August 4, 2017 

    On two separate occasions, two UK HealthCare patients’ bills were sent to the incorrect addresses.  The information was limited to the patients’ identifiers and their billing information with UK HealthCare. It did not contain the patients’ addresses, phone numbers, birthdates, social security numbers, insurance information, or financial information. UK HealthCare notified the affected individuals.


     A UK HealthCare business associate’s employee accessed a patient’s records outside their job responsibilities.  The information accessed was limited to the patient’s identifiers and specific UK HealthCare visits. UK HealthCare notified the affected individual.


     A UK HealthCare employee’s vehicle was broken into and files on nine patients were taken. The information in the files included the patients’ demographics and specific UK HealthCare visit information. The files were later found and returned to UK HealthCare. UK HealthCare notified the affected individuals.


    A UK HealthCare employee mailed treatment results with patient information to the incorrect recipient.  The information included the patient’s identifiers and treatment results.  It did not contain the patient’s social security number, insurance information, or financial information.  UK HealthCare notified the affected individual.


    On two separate occasions, two UK Healthcare employees accessed patient medical records outside their scope of duty. The information accessed was limited to the patients’ identifiers and specific UK HealthCare visits. UK HealthCare notified the affected individuals.


    A UK HealthCare employee mailed a prescription with patient information to the incorrect recipient.  The information included the patient’s identifiers and medication.  It did not contain the patient’s social security number, insurance information, or financial information.  UK HealthCare notified the affected individual.


    On three separate occasions, three UK HealthCare employees provided appointment follow up information to the incorrect patients.  The information included the patients’ identifiers and care instructions.  It did not contain the patients’ social security number, insurance information, or financial information.  UK HealthCare notified the affected individuals.


    On two separate occasions, two UK HealthCare employees used social media to discuss patient information.  The information included the patients’ identifiers and appointment information.  It did not contain the patients’ social security number, insurance information, or financial information.  UK HealthCare notified the affected individuals.


    A UK HealthCare employee provided a copy of a KASPER prescription report to the incorrect patient.  The information included the patient’s identifiers and medication information.  It did not contain the patient’s social security number, insurance information, or financial information.  UK HealthCare notified the affected individual.


  • UK HealthCare Public Notice, July 7, 2017

    On two separate occasions, two UK HealthCare patients’ bills were sent to the incorrect addresses. The information was limited to the patients' identifiers and their billing information with UK HealthCare. It did not contain the patients’ addresses, phone numbers, birthdates, social security numbers, insurance information or financial information. UK HealthCare notified the affected individuals.

    A UK HealthCare employee gave an appointment reminder to the incorrect patient. The information on the reminder was limited to the patient's identifiers and the date, time and location of the appointment. It did not contain the patient's social security number, insurance information or financial information. UK HealthCare notified the affected individuals.

    On two separate occasions, two UK HealthCare employees accessed patient records outside their job responsibilities. The information accessed was limited to the patients’ identifiers and specific UK HealthCare visits. UK HealthCare notified the affected individuals.

    A UK HealthCare employee mailed lab results to the incorrect address. The results letter contained the patient’s name, identifiers, and the results of the recent lab work. The results letter did not contain other identifying information, social security number, insurance information or financial information. UK HealthCare notified the affected individual.

    A UK HealthCare business associate’s employee accessed a patient’s records outside their job responsibilities. The information accessed was limited to the patient’s identifiers and specific UK HealthCare visits. UK HealthCare notified the affected individual.

    A University of Kentucky HealthCare worker placed a patient armband on the wrong patient. The information was limited to patient name, medical record number, date of birth and gender. UK HealthCare notified the affected individual.

    UK HealthCare business associate Midwest Medical Records Association (MMRA) mailed copies of five patients’ medical records to the wrong recipients. The information contained in the mailings included the patients’ identifiers and health records for specific visits. It did not contain the patients’ insurance information or financial information. UK HealthCare notified the affected individuals.

    A UK HealthCare worker lost a summary sheet containing information about 6 patients’ physical therapy visits. The information on the sheet was limited to the patient names, medical record number and very brief medical information regarding the visits. UK HealthCare notified the affected individuals.

    A UK HealthCare worker sent an email with a patient’s lab test results to the wrong recipient. The information was limited to the patient name, date of birth, medical record number and test results information. UK HealthCare notified the affected individual.

    A UK HealthCare worker mailed a prescription to the wrong patient. The information was limited to name, address and name of medication. UK HealthCare notified the affected individual.

  • What you can do

    For any incident, UK HealthCare recommends the following steps to prevent any possible misuse of personal information.

    Stay alert for the signs of identity theft

    • Accounts you didn't open and debts on your accounts that you can't explain.
    • Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
    • Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time.
    • Receiving credit cards that you didn't apply for.
    • Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
    • Getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

    Order your free annual credit report

    You may also contact any or all of the three major Credit Reporting Agencies if you want to further learn about identity theft protection services offered by the Credit Reporting Agencies.  The contact information is:

    Equifax (www.equifax.com)
    P.O. Box 740241
    Atlanta, GA 30374-0241
    Phone: 800-685-1111

    Experian (www.experian.com)
    P.O. Box 2104
    Allen, TX 75013-0949
    Phone: 888-EXPERIAN (397-3742)

    Trans Union (www.transunion.com)
    P.O. Box 1000
    Chester, PA 19022
    Phone: 800-916-8800

    Additionally, both the federal government and Kentucky state government offer consumer protection agencies.  The contact information for the consumer protection agencies is below:

    Federal Trade Commission (https://www.identitytheft.gov/info-lost-or-stolen.html)
    600 Pennsylvania Avenue, NW
    Washington, DC 20580
    Phone: 202-326-2222

    Office of the Attorney General (http://ag.ky.gov/Pages/protectingconsumers.aspx)
    700 Capitol Avenue, Suite 118
    Frankfort, Kentucky 40601-3449
    Consumer Protection — 888-432-9257