COVID-19: Vaccinations, testing and general information. Learn more

Notice of Privacy Incident

Posted January 25, 2023


After discovering inappropriate access to protected health information (PHI) by an employee on September 2, 2022, The MetroHealth System (MHS) notified all impacted individuals by mail on October 27, 2022.

The United States Postal Service returned approximately 21 of these notifications as undeliverable. This message constitutes substitute notice for those individuals we attempted to notify but were unable to reach. If you have any questions or believe you may have been one of the individuals with an undeliverable address, please contact us by phone at (855) 245-4022. If calling outside of normal business hours, please leave a voicemail and your call will be returned within 48-72 hours.

Re: Important Notice About Your Health Information

Dear [NAME]:

We are sending this letter to you as part of the commitment of The MetroHealth System (MHS) to patient privacy.  It is important to us that you are made fully aware of a privacy incident related to your information.

On September 2, 2022, MHS learned that, on [various dates between April 11, 2022 and August 11, 2022], an MHS employee accessed your medical record without having a business purpose. We discovered this when a concerned provider reported suspicious activity by the employee. Our investigation confirmed the provider’s suspicions. The employee’s actions violated our policies with no excuse for the behavior.

The employee may have viewed [various combinations of name, date of birth, address, phone number, email address, diagnoses/conditions, appointment date and type, treatment information, medical history, primary care provider and lab orders/results]. No other information was involved. The employee did not have access to financial information, such as Social Security numbers or banking information.  
In response to this incident, MHS addressed the employee’s behavior according to our policies and procedures. We continue to educate staff and reinforce employees’ responsibility to protect our patients’ privacy.