The hospital notified study participants that their personal information was inadvertently posted online.

Officials at Brigham and Women’s Hospital (BWH) notified research study participants that their personal information had been posted on a public website.

BWH shared a notice online Friday that said personal information such as names, addresses, contact information, and medical record numbers were mistakenly shared online. Clinical information, like diagnosis, lab results, medications, and procedures, may have also been made public. 

Hospital officials said they immediately removed the link to the personal information on June 13, after learning of the situation through a review of their workflow process. 

People’s Social Security Numbers, financial account numbers, health insurance information, and credit card numbers were not included in the data that was made public, BWH officials said. 

According to the hospital’s notice, during the course of a research study or quality improvement project, graphs are created to illustrate certain information about the study to share with others in the healthcare community. That information is shared through Tableau, a data analytics tool. In this particular incident, the graphs were posted online via the public website for the Tableau tool and were meant to provide only high-level and summary information. 

For the research study, the graphs were posted on the public version of the Tableau tool on February 25, 2018. For the quality improvement project, the graphs were posted on the public version of the Tableau tool on January 14, 2023. 

In its statement, the hospital said: “We are fully committed to protecting the information entrusted to us and we sincerely regret that your information was accidentally available via this public website for this period of time. BWH has taken several steps to mitigate and help prevent incidents like this from occurring in the future, including conducting a review when we discovered the matter and providing privacy and security reminders regarding the use of this tool.”

Anyone who believes they may have been affected by the incident can contact hospital officials by emailing [email protected].