25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Detroit Medical Center Discovers Agency Employee Disclosed Patients’ PHI

Posted By on Jul 17, 2017

Detroit Medical Center has discovered an employee has stolen the protected health information of as many as 1,529 patients and impermissibly disclosed that information to a third party.

Detroit Medical Center became aware of the security breach when the staffing agency that supplied the employee contacted DMC to report that it had discovered protected health information had been obtained and provided to an third party.

DMC is part of the Tenet Healthcare system and runs eight hospitals and institutions in Detroit and southeast Michigan. DMC has not released information on the specific medical center where the employee worked or that individual’s role.

The types of information that were stolen and disclosed were also not made public. However, DMC has issued a statement confirming the data theft and disclosure have been reported to law enforcement and that the hospital is cooperating fully with the police investigation.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Upon hearing of the unauthorized disclosure, Detroit Medical Center conducted a thorough internal investigation, which included a review of all medical records that could potentially have been accessed by the employee. The employee’s login to systems containing PHI has been blocked and the employee has been terminated.

Detroit Medical Center determined that patients impacted by the security breach had visited a DMC facility for treatment between March 2015 and May 2016. Those individuals have now been notified by mail that their PHI has been compromised and have been offered credit monitoring services for 12 months without charge through AllClear.

If employees are given access to PHI in order to complete work duties there is always a risk that data access rights will be abused. It is therefore important for healthcare organizations to monitor PHI access logs regularly to check for inappropriate access. Detroit Medical Center did have monitoring systems in place, although the security breach has prompted DMC to modify monitoring programs to ensure any future incidents are detected rapidly.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist