Memorial Hermann Health System is committed to protecting the confidentiality and security of its patients’ information. Regrettably, this notice concerns an incident involving patient financial information.
On May 1, Memorial Hermann learned that a now former clinical administrative employee improperly used its patients’ credit and debit card information that was accessed during the collection of payments for services rendered. Memorial Hermann immediately halted the employee’s access to all patient information, suspended the employee and launched an internal investigation. The employee was terminated from employment on May 3. The internal investigation revealed the former employee processed a total of 604 credit and debit card and eCheck payments during the employee’s tenure at Memorial Hermann, which began on Sept. 24, 2018. Memorial Hermann is working with local law enforcement to identify the scope of the former employee’s improper use of its patients’ financial information.
Upon the completion of the system’s internal investigation, Memorial Hermann began mailing notification letters to patients whose financial information may have been compromised. Individuals who do not receive a letter from Memorial Hermann regarding this matter by the end of the month were most likely not impacted by this incident. If you have not received a letter but believe you were impacted, please call 1-800-621-4249.
Out of an abundance of caution, Memorial Hermann is taking actions to assist all individuals who may have been impacted, including providing those individuals free access to a credit monitoring service. Memorial Hermann is also exploring process and system enhancement opportunities to mitigate the likelihood of similar events in the future.
At Memorial Hermann, protecting and securing patient information is a top priority and the system deeply regrets any inconvenience this incident may have caused its patients. Background checks and privacy training are mandatory for all employees, and the system will continue to update and review its privacy policies and practices in an effort to prevent a reoccurrence.