Dedicated to providing the latest
HIPAA compliance news

Coney Island Hospital Supervisor Allowed Unvetted Volunteer to Access PHI

Share this article on:

NYC Health + Hospitals has discovered a volunteer accessed the protected health information of almost 3,500 patients without official authorization.

The unauthorized disclosure of PHI was discovered by NYC Health + Hospitals on March 10, 2017. The volunteer had worked in the phlebotomy department of Coney Island Hospital for a period of three months under direction of a supervisor.

The supervisor arranged for the volunteer to perform a number of tasks, some of which involved accessing certain patients’ PHI. While volunteers would be permitted access to PHI if they had been first vetted by Coney Island Hospital’s Human Resources department, in this case that process had not been completed.

When the supervisor instructed the volunteer to perform certain duties that required the PHI of patients to be accessed, the supervisor violated NYC Health + Hospitals polices and Health Insurance Portability and Accountability Act Rules.

The activities performed by the volunteer that involved accessing PHI included logging the names of patients in a log book and transporting specimens within the Coney Island facility. While performing those duties, the volunteer had access to protected health information such as patients’ names, medical record numbers and dates of birth. Since the volunteer had not been vetted, an unauthorized disclosure of PHI had occurred.

The incident was investigated and aside from the volunteer viewing PHI, no other improper disclosures of PHI are understood to have occurred; however, the privacy violation warranted notifications to be sent to patients as is required by HIPAA Rules.

Anthony Rajkumar, Chief Executive Officer of NYC Health + Hospitals issued a statement confirming action has been taken to prevent further privacy breaches of this nature from occurring, including reminding management of the responsibility to ensure all volunteers are subjected to proper processing procedures by the human resources department.

Action has also been taken against the supervisor for violating hospital policies. The supervisor was initially suspended and later resigned from the position. The volunteer has been prevented from accessing Coney Island Hospital facilities.

Due to the limited nature of PHI accessed by the volunteer, credit monitoring services have not been offered, although a toll-free number has been set up to allow patients to have any questions answered.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On