Nurse Who Shared Patient Data with New Employer gets 1-Year Suspension

by | Jun 11, 2018

A nurse practitioner who breached the privacy of patients by sharing their contact information with her new employer has been suspended for 12 months by the New York State Education Department.

In April 2015, Martha C. Smith-Lightfoot obtaine a spreadsheet containing the personally identifiable information of around 3,000 patients of University of Rochester Medical Center (URMC) and shared that information to her new employer, Greater Rochester Neurology.

The privacy breach was noticed when several patients complained to URMC about being contacted by Greater Rochester Neurology about switching health care providers.

Before departing URMC, Smith-Lightfoot requested data on patients she has treated in order to ensure continuity of care.  URMC provider her with a spreadsheet that included names, addresses, dates of birth, and diagnoses. URMC did not give Smith-Lightfoot permission to take the spreadsheet with her when she left her role with them.

Supplying the patient list to Greater Rochester Neurology was an impermissible disclosure of PHI and a breach of the HIPAA Privacy Rule. When it became apparent what had occurred, URMC contacted Greater Rochester Neurology and the list was given back.

The privacy breach was made known to the Department of Health and Human Services’ Office for Civil Rights (OCR), as required by HIPAA, and the New York attorney general. OCR looked into the instance but closed the case without issuing any financial penalties, although then attorney general Eric Schneiderman fined URMC $15,000 for the HIPAA breach.

Criminal penalties were not sought against Smith-Lightfoot, although the matter was looked into by the New York State Education Department which issues licenses for the professions.

Smith-Lightfoot admitted sharing personally identifiable patient information to her new employers and, in November 2017, signed a consent-order with the state nursing board Office for Professional Discipline. That consent order was recognized by the Board of Regents in February.

Along with the 1-year suspension of her license, Smith-Lightfoot received a 12-month stayed suspension and faces a two-year probation when she returns to work.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy