KANSAS CITY (KCUR) A medical group that provides anesthesia services to Kansas City metro hospitals has notified 3,472 patients that some of their personal information may have been compromised after surgery schedules were stolen from an employees car.
Anesthesia Associates of Kansas City posted a notice on its website that the surgery schedules may have included some patients names, dates of birth, types and dates of surgery, and the name of the patients surgeons.
Patient addresses, Social Security numbers, insurance and financial information were not included on the schedules.
We had an employee that was doing something he wasnt supposed to be doing, said Mark Meisel, Anesthesia Associates CEO.
Meisel said the employee, a nurse anesthetist, put his backpack containing surgery schedules in a visible part of his car a violation of the medical practices data security protocols.
Unfortunately, you can tell people what the rules are, but this person didnt follow the rules, Meisel said.
Meisel declined to say whether the employee had been fired or disciplined.
The theft, which occurred in December, did not affect all of Anesthesia Associates patients. But Meisel said that out of an abundance of caution, it notified patients who underwent surgery between April 4, 2018, and Dec. 4, 2018.
The theft was reported to police but the backpack and its contents have not been recovered.
Anesthesia Associates, which is based in Overland Park, Kansas, provides anesthesiology services to Childrens Mercy Hospital as well as hospitals owned by HCA Midwest Health, including Belton Regional Medical Center, Lees Summit Medical Center, Menorah Medical Center, Overland Park Regional Medical Center and Research Medical Center.
With about 240 anesthesiologists, certified registered nurse anesthetists, pain management specialists and other clinicians, its the largest anesthesiology practice in the Kansas City metropolitan area.
The data breach is one of several that have occurred in the last few months at local and regional health care practices. Last month, Sunflower Health Plan, one of the managed care organizations that insures Kansas Medicaid patients, reported a data breach affecting 1,625 plan members after it sent ID cards and welcome packs to the wrong recipients.
Also last month, Valley Hope Association, which operates drug and alcohol rehab clinics in Kansas, Missouri and five other states, said that an unauthorized individual accessed the email account of an employee and may have viewed patients health information. That breach affected 70,799 individuals.
