The personal health information of more than 8,500 Metrocare patients was involved in an “unauthorized data sharing event” in September, the organization announced Monday.
A Metrocare employee sent an email with the health information to their personal email, according to a statement. The organization began an investigation in October after it learned about the event.
The email included patient names, medical record numbers and the date, duration and cost of service. It also listed patients’ providers and appointment times.
“There is no evidence that the [personal health information] shared was used in any way by anyone other than the one individual authorized to have the information,” the statement said. “Based on our investigation, there is no evidence that any third party accessed any of the information.”
Metrocare serves over more than 50,000 people a year – making it the largest mental health and developmental disability services provider in Dallas County. Its services are part of the county’s health care safety net, which provides care for underserved populations including Medicaid members and people without insurance.
“Privacy policies and procedures are in place and agency staff will continue ongoing training on best practices, rules and requirements,” Metrocare said.
Abigail Ruhman is KERA’s health reporter. Got a tip? Email Abigail at aruhman@kera.org.
KERA News is made possible through the generosity of our members. If you find this reporting valuable, consider making a tax-deductible gift today. Thank you.
