Upstate University Hospital in Syracuse, NY, is getting in touch with 1,216 patients to advise them that some of their protected health information (PHI) has been impermissibly accessed by a former member of staff.
Upstate University Hospital first identified the breach on September 12, 2018, which led to a full investigation to find out which patients had had their privacy impacted. The investigation showed that the former member of staff first accessed patient health records without any valid work reason for doing so on November 3, 2016. Patient records went on being accessed until October 23, 2017.
The investigation did not unearth any proof to suggest any information had been printed, copied, or forwarded outside the group.
It is not obvious why the former member of staff accessed the records. No details on the justification for the privacy violations has been made public.
Highly sensitive data including Social Security numbers, financial data, health insurance information and other information usually sought by identity thieves were not impacted and remained protected at all times.
The breach was restricted to names, ages, addresses, medical record detailss, dates of service, the range of services received, diagnoses, treatment data, and details of prescriptions.
All employees at the hospital with permitted access to PHI already receive in-depth training on safeguarding the privacy and security of patient information and are familiar with their responsibilities with under HIPAA.
The privacy breach has led to Upstate University Hospital completing a review of safeguards to keep patient health information private and confidential and those safeguards have now been enhanced.