HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Beaumont Health Discovers 20-Month Insider Breach

Beaumont Health, a not-for-profit 8-hospital health system based in Southfield, MI, has discovered a former employee has accessed the medical records of patients without authorization and is understood to have shared protected health information with another individual.

An internal investigation was launched when it was discovered medical records had been accessed without authorization. A review of the former employee’s access logs revealed the unauthorized access first occurred on February 1, 2017 and continued until October 22, 2019. The breach was discovered in December 2018.

Beaumont Health said its internal investigation determined on December 10, 2019 that the medical records of 1,182 patients were accessed over a period of 20 months. The information potentially obtained and disclosed included names, addresses, contact telephone numbers, dates of birth, email addresses, health insurance information, reason why medical care was sought, and Social Security numbers.

The individual to whom the information was believed to have been disclosed was affiliated with a personal injury lawyer. Most of the patients whose records were accessed had sought treatment for injuries sustained in motor vehicle accidents.

When unauthorized access was confirmed, the employee was fired for violating hospital policies and HIPAA Rules. The incident has been reported to law enforcement and Beaumont Health said it will assist law enforcement if prosecution is pursued. The matter has also been reported to the Michigan Health and Hospital Association.

All patients affected by the incident have been notified by mail. Credit monitoring and identity theft protection services have been offered to patients whose Social Security number was compromised. Patients have been advised to be alert to the risk of identity theft and fraud, to check their explanation of benefits statements and accounts carefully, and to report any suspected cases of misuse of their information.

Beaumont Health has taken steps to update internal policies and procedures to prevent similar incidents from occurring in the future.

Former VA Employee Sentenced for Leaking Medical Records of Former Army Major

A former employee of the Department of Veterans Affairs’ Benefits Administration has been sentenced for accessing the medical records of veterans without authorization and for leaking the medical records of a former U.S. Army major who ran for Congress in West Virginia in 2018.

Jeffrey Miller, 40, of Huntington, WV, pleaded guilty to accessing the medical records of 6 veterans, including the former Army Major, Richard Ojeda. Photographs of the records were taken and sent to an acquaintance. The image of Ojeda’s medical records was subsequently distributed to high-ranking Republicans in an attempt to influence his 2018 campaign for the 3rd Congressional District in West Virginia.

Miller was sentenced on January 21, 2020 in federal court and will serve 6 months in jail.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.