Notice of Privacy Incident

Children’s Minnesota takes the privacy and security of its patients’ information very seriously. Regrettably, this notice is about an incident that involved some of that information.

On August 26, 2019 we learned that the internal calendars for some of  our staff members were configured in a way that allowed the calendars to be viewed outside of Children’s systems. We immediately corrected the configuration, began an investigation, and engaged a computer forensic firm to assist with the data analysis. The investigation showed that some of those calendars could have been configured this way as early as December 2011. In addition to calendar entries reflecting patient appointments that occurred during this time period, calendar entries reflecting appointments prior to that time and already scheduled into the future may have been viewable.  These affected calendars did contain limited demographic and clinical information such as:  patient name, medical record account number, insurance account number, date of birth, appointment time and location, date of service, name or abbreviation of procedure, name of health care provider and/or name of insurance carrier.  We have confirmed that the scope of the incident is limited to these calendars, and no other Children’s information systems were compromised.

Although we have no indication that any patient information has actually been accessed or misused by an unauthorized person, we advise patients to always take care to protect confidential information by closely monitoring account statements and insurance explanation of benefits.  We take this incident very seriously.  We will be reviewing our security policies and procedures and training staff to protect against future incidents.

We deeply regret any concern or inconvenience this incident may cause you.    If you have questions about this incident, please call our dedicated call center at 1-844-867-7277, Monday through Friday, between 8:00 a.m. and 5:00 p.m. Central Time.