Dedicated to providing the latest
HIPAA compliance news

Detroit Medical Center Discovers Agency Employee Disclosed Patients’ PHI

Share this article on:

Detroit Medical Center has discovered an employee has stolen the protected health information of as many as 1,529 patients and impermissibly disclosed that information to a third party.

Detroit Medical Center became aware of the security breach when the staffing agency that supplied the employee contacted DMC to report that it had discovered protected health information had been obtained and provided to an third party.

DMC is part of the Tenet Healthcare system and runs eight hospitals and institutions in Detroit and southeast Michigan. DMC has not released information on the specific medical center where the employee worked or that individual’s role.

The types of information that were stolen and disclosed were also not made public. However, DMC has issued a statement confirming the data theft and disclosure have been reported to law enforcement and that the hospital is cooperating fully with the police investigation.

Upon hearing of the unauthorized disclosure, Detroit Medical Center conducted a thorough internal investigation, which included a review of all medical records that could potentially have been accessed by the employee. The employee’s login to systems containing PHI has been blocked and the employee has been terminated.

Detroit Medical Center determined that patients impacted by the security breach had visited a DMC facility for treatment between March 2015 and May 2016. Those individuals have now been notified by mail that their PHI has been compromised and have been offered credit monitoring services for 12 months without charge through AllClear.

If employees are given access to PHI in order to complete work duties there is always a risk that data access rights will be abused. It is therefore important for healthcare organizations to monitor PHI access logs regularly to check for inappropriate access. Detroit Medical Center did have monitoring systems in place, although the security breach has prompted DMC to modify monitoring programs to ensure any future incidents are detected rapidly.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On