Brigham and Women’s Hospital, a founding member of Mass General Brigham, is notifying 987 individuals of a privacy incident.
During a certain research study and quality improvement project, graphs were created to illustrate certain information to share with others in the healthcare community using the public version of a commonly used data analytics tool called Tableau. These graphs were posted on the internet via the public website for the Tableau tool and created to provide only high-level and summary information.
On June 8 of this year, BWH learned that these graphs inadvertently included a publicly accessible link to some personal and health information collected in connection with the study or project. They immediately conducted a review and promptly had the graphs and link removed on June 13, 2023.
BWH does not believe there are any specific steps individuals should take because of this incident; the data did not involve access to or release of Social Security Numbers, financial account numbers, health insurance information or debit/credit card numbers.
The personal information disclosed may have included individuals’ name, address, medical record number, date of birth, email address and phone number. The clinical information disclosed may have included individuals’ diagnosis, lab results, medications and procedures collected as part of the research study or quality improvement project. The link regarding the research study was publicly accessible between February 25, 2018, to June 13, 2023, and the link regarding the quality improvement project was publicly accessible between January 14, 2023, to June 13, 2023.
Appropriate steps have been taken to mitigate and help prevent incidents like this from occurring in the future, including providing privacy and security reminders regarding the use of Tableau.