Share this article on:
Upstate University Hospital in Syracuse, NY, is notifying 1,216 patients that some of their protected health information (PHI) has been impermissibly accessed by a former employee.
Upstate University Hospital discovered the breach on September 12, 2018, which prompted a full investigation to determine which patients had had their privacy violated. The investigation revealed that the former employee first accessed patient health records without any legitimate work reason for doing so on November 3, 2016. Patient records continued to be accessed until October 23, 2017.
The investigation did not uncover any evidence to suggest any information had been printed, copied, or forwarded outside the organization.
It is unclear why the former employee accessed the records. No information on the motives behind the privacy violations has been made public.
Highly sensitive information such as Social Security numbers, financial information, health insurance information and other information typically sought by identity thieves were not compromised and remained secure at all times.
The breach was limited to names, ages, addresses, medical record numbers, dates of service, types of services received, diagnoses, treatment information, and details of prescriptions.
All staff members at the hospital with access to PHI already receive in-depth training on maintaining the privacy and security of patient information and are aware of their responsibilities with respect to HIPAA.
The privacy breach has prompted Upstate University Hospital to conduct a review of safeguards to keep patient health information private and confidential and those safeguards have now been strengthened.