JACKSONVILLE, Fla. – A Baptist Health patient says she was shocked to find another person’s private medical information in her online health portal, raising serious concerns about patient privacy and data security.
Elise Geiss told the News4JAX I-TEAM that when her wife checked her blood test results online, the first few pages contained her own information — but the next two pages included the personal details of a complete stranger.
“It had his first and last name, his birthday, a contact phone number, patient ID, specimen ID — everything you would find on lab work,” Geiss said. “I started wondering if someone else has our information too.”
Geiss said the bloodwork had been processed by Quest Diagnostics for Baptist Health. Concerned, she and her wife decided to contact the stranger directly to alert him to the apparent mix-up.
“I told him, ‘I’m sorry to tell you this, but my wife’s lab results had your information attached as a PDF,’” Geiss recalled. “I wanted him to know so he could report it to Baptist Health or Quest Labs.”
The man, who asked not to be identified, confirmed to the I-TEAM that he received a call from Geiss and was stunned to learn his personal data — including his name, date of birth and address — had been shared with someone else.
“They said they got my bloodwork, and I said, ‘What do you mean you got my blood work?’” he told News4JAX. “Basically, all the information anyone could use to steal my identity was there. I was not happy, to say the least.”
He said he had recently been asked to resubmit a blood sample but was never informed by Quest Diagnostics or Baptist Health that his data may have been compromised.
“Dropping the ball and sending my information to someone else is just dumb,” he said. “It shouldn’t happen in this day and age — and to make matters worse, no one has reached out to me. If it wasn’t for this woman calling, I wouldn’t even know it happened.”
Both Baptist Health and Quest Diagnostics issued this statement to News4JaX
Baptist Health Statement
At Baptist Health, protecting the privacy and confidentiality of our patients is one of our highest priorities. We are dedicated to complying with all applicable state and federal privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA). We maintain strong administrative, technical, and physical safeguards to protect patient information. We have established procedures to investigate privacy incidents and take proactive steps to help prevent them from happening again.
Due to our obligations under HIPAA, we are unable to comment on specific individual situations.
Quest Diagnostics Statement
We take patient privacy very seriously and are deeply committed to upholding the highest standards of confidentiality in compliance with state and federal privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA). Due to HIPAA, we are unable to comment on any specific patient matters and cannot confirm or deny whether any individual mentioned in WJXT’s report is a patient. We encourage any patient with a privacy concern to contact us so we may address any concerns confidentially.