Two Mass General Brigham Employees Terminated for Privacy Violations

by | Jul 7, 2024

Mass General Brigham, based in Boston, MA, reported terminating two employees over a privacy breach discovered on April 4, 2024. According to the health system's investigation, the two employees allowed a third person, who did not work at Mass General Brigham, to perform part of their job responsibilities, which may have allowed that person to view patients' personal data. The investigation concluded on May 28, 2024, and found that the alleged violations occurred from February 26, 2024 to April 4, 2024.

The Health Insurance Portability and Accountability Act (HIPAA) requires that protected health information (PHI) be secured at all times and prohibits disclosing PHI to unauthorized persons unless valid authorization was obtained in advance from the individuals concerned. Mass General Brigham's work and privacy policies state that employees who violate those rules are subject to immediate termination. Mass General Brigham did not say anything about the relationship between the terminated employees and the third person.

The investigation confirmed that the data potentially accessed included names, addresses, dates of birth, telephone numbers, medical record numbers, email addresses, and medical insurance policy numbers. Clinical data, such as information about appointments or admissions to Mass General Brigham services, reason for the consultation, diagnosis, date of visit/admission, and location, could have been accessed as well. Social Security numbers and/or financial data, and some guarantor details, of some affected patients were also exposed. Mass General Brigham stated that no financial account numbers of the affected individuals were exposed.

Mass General Brigham stated that, in addition to firing the employees, it took steps to prevent similar incidents in the future, including improving its employee HIPAA training and the protocols for its security alert program. As a precaution against identity theft and fraud, the health system offered affected patients 24 months of free credit monitoring and identity theft protection services through IDX.

The HHS Office for Civil Rights (OCR) received two reports of unauthorized access/disclosure breaches on June 28, 2024. Mass General Brigham Health Plan submitted one report with 3,659 individuals affected. Mass General Brigham Incorporated submitted the other report with 655 individuals affected.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
