PHI of up to 160,000 Med Center Health Patients Allegedly Stolen by Former Employee

by Ryan Coyne | Mar 30, 2017

The Kentucky-based 6-hospital health organization Med Center Health has reported a data violation affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to leaving their role with the group.

The former staff member has been accused of stealing PHI including names, addresses, health insurance information, Social Security numbers, procedure codes and billing information. Medical records were not accessed at any point.

The FBI has been advised and is also investigating along with other federal agencies. Med Center health is in the process of warning patients of the breach, although the process is predicted to take a couple of weeks due to the number of people that have been impacted.

While the breach has only recently been revealed, the data theft incidents date back to 2014 and 2015. The former employee is understood to have obtained an encrypted CD and encrypted portable storage device in August 2014 and February 2015. There was no acceptable work reason for ePHI to have been taken, although on both occasions the former employee argued that the data was needed for work-related duties.

The Bowling Green Daily News suggests Med Center Health found the breach several months ago, although notifications were delayed for some time. A representative for Med Center Health told Bowling Green Daily News “Med Center Health informed patients as expeditiously as possible. It is important to understand that the information leading Med Center Health to report the incident pursuant to HIPAA developed over time during an intensive internal investigation.”

Patients affected by the breach had received medical treatment at one of six Med Center Health facilities between 2011 and 2014: Cal Turner Rehab and Specialty Care, Medical Center EMS, the Commonwealth Regional Specialty Hospital, the Medical Center at Bowling Green, the Medical Center at Franklin and the Medical Center at Scottsville.

Patients affected by the breach have been offered one year of credit monitoring and identity theft protection services for free. Med Center Health has not found any evidence to suggest that any of the stolen information was used to commit fraud, although the possibility cannot miscounted.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter