Friday, September 21, 2012

Hospital Data Breach Tied to Two Employees: How common is this?

A July data breach at a Miami hospital was found, after investigation, to be due to two employees “inappropriately accessing” patient information. This information is according to a letter that The University of Miami Hospital sent to affected individuals.

The letter states that patient “face sheets”, containing basic patient information such as name, address, date of birth, insurance policy numbers, reason for visit, and partial social security numbers, may have been sold by the employees. The two employees in question have been terminated as a result of the incident. In the cases of patients on Medicare and Medicaid, social security numbers are used as the insurance policy number, and would therefore be fully written out on the patient face sheet, putting them in jeopardy.

As a precaution, the Hospital is providing all those affected with a 2 year subscription to a fraud monitoring service that will help detect possible misuse of personal information or identity theft. The hospital has also set up a website as a source of information and a toll free number for question that will be operating 7 days per week until December 5th.

“The University of Miami Health System is cooperating fully with law enforcement, which continues to investigate this incident. We will continue to review our practices to determine what additional steps are necessary to avoid such incidents in the future,” The University wrote in the letter. “We apologize for any inconvenience this incident may have caused. We deeply appreciate being entrusted with your care, and we want to assure you that protecting patient information is a top priority for the University of Miami Health System.”

For more information, the letter can be viewed here.

Wonder how such data breaches happen?  In this case it involved employee theft.  In other cases it can involve theft of flash drives or laptops, and it can involve not only theft, but negligence or lack of appropriate safeguards and protocols. See what Health IT News calls “10 of the largest data breaches in 2012” here

No comments:

Post a Comment