HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

800 Patients of Pittsburgh Jefferson Hospital Affected by HIPAA Breach

Allegheny Health Network’s Jefferson Hospital in Pittsburgh, PA is the latest HIPAA-covered entity to announce that some of its patients are victims of a HIPAA breach caused by a rogue employee of a billing Business Associate, Medical Management LLC (MML).

Allegheny Health Network (AHN) has now issued a HIPAA breach notice to the media announcing that a small percentage of its patients will soon receive a breach notification letter in the post. The data breach has only affected some patients who used the hospital’s emergency services during the past two years, approximately 800 individuals.

Those patients have been informed that the hospital has just discovered it has also been affected by the Medical Management data breach, first reported to have affected 2,259 patients of the University of Pittsburgh Medical Center.

According to the breach notice, patients’ medical histories and treatments have not been exposed and disclosed, although some Protected Health Information (PHI) and Personally Identifiable Information (PII) has been compromised, including patient names, dates of birth and Social Security numbers. As is the case with patients of other hospitals affected by the data breach, credit monitoring services are being provided for a period of one year to protect against fraud.

How did the Medical Management Data Breach Occur?

Protected Health Information (PHI) was provided to the Business Associate by the hospital under the terms of a HIPAA Business Associate Agreement (BAA), in order for MML to provide billing and coding services. The BAA required MML to abide by the HIPAA Privacy and Security Rules and to implement measures to safeguard the PHI and PII it was supplied with.

However, in spite of protections being in place, an employee who was leaving the company copied data from the billing system and disclosed that information to an unnamed third party. It is not clear at this stage why the data was taken or why it was disclosed.

The latest announcement brings the total number of hospitals that have confirmed they have been affected by the MML data breach to 16. The total number of healthcare providers on the books of MML is understood to be 40.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.