UAMS Announces Medical Records Breach, Is Notifying 1,500 Patients

by Mark Friedman  on Monday, Nov. 26, 2012 1:02 pm  

The University of Arkansas for Medical Sciences said Monday that it is notifying about 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.

UAMS said that former resident Nasrin Fatemi "kept some patient lists and notes regarding patients in violation of UAMS policy after leaving UAMS on June 3, 2010." UAMS said its HIPAA office discovered the breach on Oct. 9.

UAMS said Fatemi's documents were from January 2010 to June 2010 and "contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service, diagnoses, medications, surgical and other procedure names, and lab results."

No social security, bank account, or credit card numbers were included, UAMS said.

UAMS said it is notifying affected patients by mail and through its website.

"UAMS takes the privacy and security of its patients’ health information very seriously," it said in a statement.

UAMS said patients who believe their information might have been included in the breach and have questions can go to or call (888) 729-2755. 


The UAMS HIPAA office learned of the documents when Fatemi produced them during her lawsuit against UAMS over her termination from the residency program.

On Nov. 7, UAMS became aware that additional documents Fatemi kept had been provided to UAMS attorneys on June 25.

"The records are now protected by a court order, which prevents them from becoming a public record and will prevent anyone from further using or disclosing the documents," UAMS said.

Fatemi "also assured UAMS under oath that she did not share the documents with anyone except her attorneys with whom she has a Business Associate Agreement that specifically protects this information," UAMS said.  



Please read our comments policy before commenting.