Penn says some patients' privacy was compromised

The University of Pennsylvania Health System revealed Monday that some patients' privacy was accidentally breached because of misprinted bills.

One of Penn's billing vendors, RevSpring of Wixom, Mich., had a malfunction in its printing operation. As a result, some patients received bills containing both their own correct information and an unrelated patient's information on the reverse side of the statement.

The inadvertently disclosed information included the unrelated patient's name, physician, types of services and tests, and amount owed.

"Social Security numbers, dates of birth, diagnoses, and insurance numbers were not printed on these" misprinted bills, Penn said in a statement.

More than 500 erroneous statements, affecting more than 1,000 patients, were mailed, although Penn spokeswoman Susan E. Phillips said she did not have an exact number.

The vendor discovered and reported the problem to Penn on Dec. 5 and has since worked to investigate it, notify affected patients, and make sure the error does not recur, Phillips said.

"We haven't had any angry patients," she added. "Just people calling to say, 'Isn't this odd?' "

Patients with questions about misprinted bills may call Penn's hotline at 877-309-0186.

The federal HIPAA law protects the privacy of individually identifiable health information, and requires businesses to provide notification following a breach.

The U.S. Department of Health and Human Services has discretion to impose monetary penalties, depending on the nature and extent of the violation and the resulting harm. If the violation is unintentional and is corrected within 30 days, there are no penalties.