HUDSON - Requests from patients for medical records are a routine task for hospitals. "I went to the hospital and was given a form to fill out for medical records," said Micki Thoms.
Thoms asked for her records after undergoing surgery at Regional Medical Center Bayonet Point in Hudson, and was told they would be mailed to her.
Days later, the papers arrived in the mail. As she opened the envelope and began to look through them, she noticed something was not quite right. "I read the first name and it wasn't mine, and I turned the page and read the second name and it was not mine," she said.
By the last page, Thoms counted 10 different patient records, complete with social security numbers. None of them were hers.
We tracked down several patients whose records wound up in her mailbox.
"You just never think it is going to happen to you," said Melissa, who does not want her last name used.
The hospital sent out medical records belonging to Melissa's underage son. She says she is disappointed the same hospital that cared for him after a car crash would put him at risk for identity theft.
"That little bit of information could have destroyed my son's future, depending on whose hands it got into," she said.
Some are more upset by the back story than the breach itself. Thoms says she called Regional Medical Center Bayonet Point on two different days, and left one message regarding the records she received. She claims no one called back
Then the former patient called us. We suggested she contact the CEO's office. It was only then the hospital seemed eager to get the documents back, she said. We followed Mickey as she returned the records on July 3.
We asked Bayonet Point about the incident on Monday, July 8. That was the same day the hospital typed up letters to patients notifying them of the breach.
"So, it's almost as if you had not investigated, would they have even sent this letter to me?" Melissa questioned.
In an e-mail, hospital spokesperson Kurt Conover responded. "Safe guarding patient privacy is among our top priorities. We have contacted the individuals involved to let them know we are investigating, and to offer appropriate protective measures to ensure their peace of mind.
The hospital declined an on-camera interview. They would not say whether any additional measures have been taken to ensure this doesn't happen again.
Meanwhile, Micki Thoms has filed a complaint with the agency for healthcare administration, which regulates Florida hospitals.
We should mention again that after we contacted the hospital about the mistake, It appears they did follow the letter of the law in notifying the patients.
If you want to learn more about HIPAA and your rights, visit http://www.hhs.gov/ocr/privacy/ .