US patient records stolen by staff, possibly sold

Powered by SC Magazine
 

Miami hospital hit by second breach this year.

The University of Miami Hospital has fired two employees suspected of stealing and possibly selling the personally identifiable information of patients.

The health system announced the breach last week — the second to occur there this year — and began notifying those affected. A website detailing the incident also was set up. 

A hospital spokeswoman declined to provide the number of patients impacted by the theft, in which employees accessed “face sheets” — documents that include the names, addresses, dates of birth, insurance policy numbers, the reason for the hospital visit, and the last four digits of patients' Social Security numbers, according to a letter sent to affected individuals.

Rachel Seeger, a spokeswoman for the Office for Civil Rights (OCR) under the US Department of Health and Human Services, told iTnews' sister site SC Magazine that the agency had yet to confirm how many patients were affected in the breach.

If breaches affect more than 500 residents of a state, HIPAA-covered entities must notify media outlets serving the affected areas, as well as affected individuals and the Health and Human Services secretary, within 60 days of the breach.

Due to the repeated offenses, HHS will determine what corrective action the hospital has taken to keep future breaches from happening, Seeger said. Firing employees would be one among many steps taken into consideration.

Victims may include those seen between October 2010 and July of this year, hospital officials said. The Miami Herald reported that the facility admits about 19,000 patients a year.

Authorities informed the hospital of suspicious activity on July 18, after which it delayed public notice until September upon request of police to avoid “hindering the criminal investigation”, the letter said.

A representative for the Miami-Dade Police Department did not respond to a request for comment.

“This incident has no impact on your care,” said the letter to patients.

“University of Miami Hospital computer systems are completely unaffected. Your information remains current and available; no information was altered or deleted. Please be assured we are committed to protecting all information entrusted to us.”

The University of Miami Health System, which is made up of three hospitals, is offering free credit monitoring services to affected individuals for two years through an outside company.

The incident follows a breach at the hospital last November, in which a thief stole a briefcase from a physician's car, containing a flash drive with the information of more than 1000 patients, including their age, gender, diagnosis and treatment data from 2005 to 2011.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


US patient records stolen by staff, possibly sold
 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
IBM, NEC picked for major NSW Transport deals
Final contract negotiations begin.
 
Uncapped fees to drive digital agenda at universities
University CIOs look to provide the 'wow' factor.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1022

Vote