Montefiore Medical Center and Bethesda Hospital Fire Employees for HIPAA Breaches

Baptist Health’s Bethesda Hospital in Boynton Beach, FL has fired an employee for impermissibly accessing a patient’s protected health information and altering a home health order which was used to provide a patient with home care services.

The HIPAA breach was identified on December 1, 2020, prompting an internal investigation. The employee has now been terminated and the incident reported to law enforcement.

The investigation revealed other patient records may also have been accessed by the former employee between June 1, 2019 and December 2, 2020. The types of information potentially viewed included names, dates of birth, addresses, health insurance information, Social Security numbers, and clinical documentation.

All affected individuals have been notified and offered complimentary identity theft protection and credit monitoring services and Baptist Health is exploring ways to further safeguard patients’ protected health information and prevent similar breaches in the future.

The incident has yet to be listed on the HHS’ Office for Civil Rights’ website so it is currently unclear how many patients have been affected.

Montefiore Medical Center Fires Employee for Unauthorized Medical Record Access

Montefiore Medical Center in New York has discovered an employee accessed the protected health information of patients without authorization over a period of 5 months in 2020. Upon discovery of the unauthorized access, Montefiore immediately deactivated the employee’s access to the electronic medical record system and an investigation was launched to determine the extent of the HIPAA violations.

After a thorough investigation, the employee was terminated and the matter was reported to law enforcement for possible criminal prosecution. The types of information viewed by the former employee varied from patient to patient and may have included first and last names, addresses, dates of birth, medical record numbers, clinical information such as test results, diagnoses, and visit histories and the last four digits of Social Security numbers.

No reason was provided as to why the information was accessed, but no evidence was found to indicate patient information has been used for identity theft or fraud. All affected patients have now been notified and offered complimentary identity theft protection services.

This is the second incident involving improper medical record access to be announced by Montefiore Medical Center in the past 5 months. In September 2020, the medical center announced a former employee had stolen the PHI of approximately 4,000 patients between January 2018 and July 2020.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.