Former Member of Staff Causes HIPAA Breach at Northwestern Memorial Hospital

by | Jan 6, 2021

An update on the Departments of Health and Human Services’ (HHS) Office for Civil Rights (OCR) breach portal has revealed that a previously-employed contract staff member may have illegally accessed the medical records of a range of patients working at Chicago Northwestern Memorial Hospital.

This Healthcare Insurance Privacy Accountability Act (HIPAA) breach was initially identified on December 2, 2020. Following an investigation of the access logs it was discovered that the temporary staff member  viewed patient records despite not having a valid work reason for doing so. The individual accessed the medical records in question for more than a month. However, the subsequent investigation has show that there is nothing to indicate that insurance information or Social Security numbers were viewed or copied during this HIPAA breach. the range of data that may have been accessed includes patient names, addresses, and treatment history

Additionally representatives from Northwestern Memorial Hospital have said that, to date, there is no proof that any fraudulent activity was carried out using the data that was accessed, but patients should double check any bills they get.

According to the breach notification published the HIPAA breaches took place between October 27, 2020 and December 2, 2020.

Northwestern Memorial Hospital released an official statement in relation to the privacy breach revealing that the records of 682 patients may have been accessed and confirmed that the temporary worker no longer works at the health center. Additionally, no further details have been uncovered as to why the records were accessed at all. All impacted individuals are being alerted about the privacy breach via mail and the incident has been made known to the the appropriate agencies.

The statement read: “Northwestern Memorial has no reason to suspect that there has been any re-disclosure of any patient information associated with the incident.”

This incident is typical of many that involve a member of staff breaching HIPAA rules, on purpose of inadvertently, and further highlights the need for HIPAA training to being conducted for all members of staff on an ongoing basis. Conducting ongoing training for staff to make them aware of their responsibilities in relation to HIPAA minimizes that potential for a breach like this, which could lead to a penalties including financial sanctions and directives to implemented new data management security procedures and processes.

This is just the latest HIPAA breach which was caused by a member of staff completing an action that is prohibited under the HIPAA legislation. Some of the others include:






Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy