Personal information for 2,800 patients making or changing doctor appointments on April 19, 2004, at the Ohio State University Medical Center was accidentally placed in a computer file accessible through an Internet search, said OSU Health Systems Privacy Officer Margaret Johnson. Johnson said the file was available through an Internet search "with a specific combination of elements." An individual making such a search discovered the file "a few weeks ago" and notified the system. The system then blocked public access to the server containing the file and took steps to remove any traces of the information. Johnson said the system notified patients of the error in letters Nov. 2 and offered to provide 12 months free credit-monitoring and protection.
So far, there has been no indication that the information was misused, although it might have been accessible for about 18 months, Johnson said. She said the system has strengthened policies and technological solutions to prevent future mistakes. -- by Andis Robeznieks