Tulane Campus Health breach left patient names, appointments visible
Tulane University announced a new director of counseling on Thursday.
December 6, 2021
As of Dec. 6, the full names of hundreds of patients for at least one Tulane University Campus Health doctor were left publicly visible to all individuals with a Tulane University email address, in a privacy breach with significant implications for patient confidentiality.
The information was accessible via Microsoft Outlook’s calendar feature, without privacy measures redacting private information about meetings and appointments on other individuals’ calendars.
After being alerted to the breach, Tulane secured patient information.
The doctor, who will remain unnamed for patient privacy reasons, left patient names uncensored, as well as the specific dates and times of their appointments.
Campus Health is an entity covered by the Health Insurance Portability and Accountability Act of 1996, which requires it to maintain strict confidentiality around patient names, records and information. The accessibility of this data may suggest a violation of both federal law and Tulane’s own regulations regarding patient privacy.
Campus Health uses a software called Medicat to store patient records in a way compliant with federal law restricting release of medical information. Microsoft Outlook is not compliant with privacy laws by default, and it is unclear why the medical provider treated it as such.
This comes after the Tulane University Police Department failed to secure crime victims’ names through similar Microsoft software and publicized the private information of those needing TUPD’s assistance.
Tulane declined to comment.
This is a developing story and will be updated as more information becomes available.
Alumnus • Dec 7, 2021 at 8:32 am
Well… according to a comment on the “campus health in chaos” article last week, Scott Tims eliminated the IT guy’s position in January 2021. Is there anyone seriously supporting campus health with their specialized IT needs? Highly doubt it, and in light of this double whammy, I feel pretty bad for campus health employees.
Speaking of which…is anyone checking on the mental health of the current campus health employees?
Current Student • Dec 7, 2021 at 10:46 am
Currently LaTesha Hinton is in charge of Medicat and that form of IT
Former Employee • Dec 7, 2021 at 4:50 pm
LaTesha Hinton is Scott Tims longtime friend and is NOT qualified to work as IT. LaTesha Hinton was given this job because she worked with Scott Tims while working in the WELL . A real IT person would have known not to have patient’s information linked to an unsecure Outlook account.
Former TUCH Employee & Your Former Colleague • Dec 8, 2021 at 5:44 am
Stop. Stop. Stop. Ms. Hinton had nothing to do with this Data Breach. This is solely on the prescriber. As a former employee you know that Medicat is the only software approved to house patient information. The doctor had access to Medicat and chose to utilize Outlook. The article says this clear as day. This was not a Medicat breach this was poor decision making on the prescribers part.
It sounds like retraining may need to occur and the Medical Director may need a conversation with prescribers on the appropriate software that needs to be utilized when handling patient information.
While you may be angry direct your anger at the right people and don’t start a witch hunt. If you still have friends at Campus Health fight for the removal of Scott Tims not everyone who has had lunch with him.
PS. I promise you La’Tesha isn’t invited to his house for tea time every Saturday. Having a working relationship with your supervisor isn’t grounds to be dismissed when they leave. She is not nor has not been part of his Tyrannical Reign- she is always respectful of people and because she has not changed her character (and been cruel to other employees) it’s taken her a long time to move into a Director position which should have been hers long ago- through education, experience and training.
Also your former colleague • Dec 8, 2021 at 3:02 pm
I don’t think the IT issue falls any bit on La’Tesha. However, excusing behavior and discouraging reporting of abusive behavior does make you complicit in Tims’ tyrannical reign. She is absolutely respectful and great, we agree, but that does not excuse the harm done to others as a result of failing to protect those beneath her.
Don't Destroy Peoples Name Fact Check • Dec 8, 2021 at 7:03 am
Please fact check. This just is not true and it’s not fair to put incorrect information like this out. In addition, this is not a problem regarding Medicat this is about poor judgement on the providers part.
stop • Dec 9, 2021 at 9:27 am
La’Tesha is a good person. This wasn’t her responsibility at all. Just stop.
Alumnus • Dec 8, 2021 at 1:12 pm
We know that Micheal S. Tims is manipulative and conniving in his leadership style. It would not surprise me if Micheal asked the provider to put his patient schedule on their Outlook calendar so that Micheal can “monitor” his daily workflow/activity. It has always bothered me that some Tulane Admin asks direct reports to share their Outlook calendar. It feels invasive, unprofessional, and disrespectful to monitor an employees daily workflow/activity. Did Micheal ask this provider to to this? If so … Why? I think the provider in question deserves the right to provide their side of the story.
Employee • Dec 6, 2021 at 8:17 pm
It’s unfortunate knowing this doctor will likely be berated and abused by Dr. Tims.
Dear Scott Tims, RESIGN.
Peter Principle • Dec 7, 2021 at 6:28 am
If anything, Tims will probably just get promoted.
Current Student • Dec 6, 2021 at 7:14 pm
Not only is Scott Tims an ineffective and cruel manager, but it appears he can’t ensure the security of patient information even in a rinky dink small time campus health operation. Shudder to think what would happen if he worked at a real clinic or medical center, or even a state school at that
anon '23 • Dec 6, 2021 at 6:48 pm
The devil works hard, but the Hullaballoo editors work harder!!!