Allegheny Health Network’s Jefferson Hospital in Pittsburgh, PA, is the latest HIPAA-covered entity to announce that some of its patients are victims of a HIPAA breach caused by a rogue employee of a billing Business Associate, Medical Management LLC (MML).
Allegheny Health Network (AHN) has now issued a HIPAA breach notice to the media announcing that a small percentage of its patients will soon be receiving a breach notification letter in the post. The data breach has only affected some patients who used the hospital’s emergency services during the past two years: approximately 800 individuals.
Those patients have been informed that the hospital has just discovered it has also been affected by the Medical Management data breach, first reported to have affected 2,259 patients of the University of Pittsburgh Medical Center.
According to the breach notice, patients’ medical histories and treatments have not been exposed and disclosed, although some Protected Health Information (PHI) and Personally Identifiable Information (PII) have been compromised, including patient names, dates of birth and Social Security numbers. As is the case with patients of other hospitals affected by the data breach, credit monitoring services are being provided for a period of one year to protect against fraud.
How did the Medical Management Data Breach Occur?
Protected Health Information (PHI) was provided to the BA by the hospital under the terms of a HIPAA Business Associate Agreement (BAA), in order for MML to provide billing and coding services. The BAA demanded that MML abide by the HIPAA Privacy and Security Rules and implement measures to safeguard the PHI and PII it was supplied with.
However, in spite of protections being in place, an employee who was leaving the company copied data from the billing system and disclosed that information to an unnamed third party. It is not clear at this stage why the data was taken or why it was disclosed.
The latest announcement brings the total number of hospitals that have confirmed they have been affected by the MML data breach to 16. The total number of healthcare providers on the books of MML is understood to be 40.