Las Vegas Sun

December 1, 2022

Currently: 54° — Complete forecast

UMC: Patient info leaks likely date back to July


Sam Morris

The entrance to University Medical Center’s trauma unit and emergency room is shown in 2009.

Related Document (.pdf)

For more than three months someone at University Medical Center illegally leaked the personal information of traffic accident victims — a breach of social security numbers, birth dates and more that only stopped when the Las Vegas Sun contacted the hospital about it, according to a statement released today by UMC.

The Sun contacted the hospital Nov. 19 about the leak of “face sheets,” the cover sheet that contains personal information about each case. That’s the day the leak stopped, hospital officials said in a statement said.

When the Sun talked on Nov. 19 to Kathy Silver, the hospital’s chief executive, she said it was unlikely that there was a breach of private patient information. She had heard rumors of a leak during the summer, but a cursory investigation she conducted had revealed nothing, she said.

“I thought it was a nonissue,” Silver said at the time.

That’s when the Sun told her that it had 21 UMC face sheets from Oct. 31 and Nov. 1 traffic accident victims, verifying the leak.

“Wow,” Silver said.

In today’s announcement, the hospital says it now believes that the face sheets were being released since July 30.

A concerned source in the medical community had provided the newspaper with the documents. The source is several degrees removed from the leak at UMC and did not know exactly where the documents came from. Many people knew about the leak and had tried to tell the hospital’s administrators, the source said, but no one had taken any action.

The Clark County Commissioners, who serve as its board of trustees, had done nothing about the leak, which had been going on for months, the source said.

The FBI is investigating the leak for violation of the Health Insurance Portability and Accountability Act, better known as HIPAA, a federal law that guards patient privacy in health care facilities.

UMC officials did not return requests for comment. The hospital said in its statement that its original investigation only included Oct. 31 and Nov. 1, but it became clear that there was need to expand the investigation.

UMC started notifying patients Dec. 24 that personal information of patients and others who provided personal information upon a patient’s admission to the trauma center may have been leaked. UMC is offering the victims free credit monitoring services for a year, though there have not been any reports that the data has been misused.

“UMC apologizes for any inconvenience or concern this may cause our patients,” the statement said.

In additon to working with federal investigators on the case, UMC is finding ways to improve its privacy practices, the statement said.

Anyone with information about the unauthorized release of information, or any patient who has received unsolicited contact from a law firm, is asked to call the hospital at 1-888-691-0772, or Hope Hammond, UMC’s privacy officer, at 383-3854.

Join the Discussion:

Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.

Full comments policy