Rensselaer County Jail Implicated in Teen Girl HIPAA Violation
Protected Health Information of patients must be stored securely and unauthorized access to that data must prevented, although in the case of one Melrose family this was not the case. The family was recently alerted about the unauthorized disclosure of their teenage daughter’s medical information. The HIPAA breach allegedly occurred when employees from Rensselaer County jail gained access to the medical records of their 11-year old daughter.
The father of the girl, Dominic Pasinella, was notified when he received a letter from Northeast Health which manages the Samaritan Hospital on behalf of St. Peter’s Health Partners. The letter stated that there had been a potential HIPAA breach at the hospital where his 11 year old daughter was sent for treatment following a dog bite. The incident was described as “private” by Mr. Pasinella, yet it has now become a public matter and the issue is now subject to a criminal investigation which he discovered had been ongoing for a number of months.
Mr. Pasinella received the breach notification – a requirement under HIPAA regulations – which stated that one or two individuals in the Rensselaer County jail had potentially accessed his daughter’s records. The letter he received was one of 23 sent out to individuals affected by the data breach.
The employees in question were neighbors of Mr. Pasinella and owners of the dog which attached his daughter. Both were corrections officers employed at the Rensselaer County jail. Following the incident, which required an ambulance to come to the scene, the neighbors are alleged to have accessed the girl’s medical records while at work.
Northeast Health provides nurses working at the jail with access to its patient database to ensure that inmates receive the correct treatment and to facilitate the provision of coordinated medical care. It came to the attention of Northeast Health that data had been improperly accessed by one of its supervising nurses.
The data accessed included Social Security number, medical diagnoses, clinical laboratory results, diagnostic imaging reports, emergency department records and medication administration. Mr.Pasinella has been offered a year of data monitoring services free of charge to ensure that any damage or loss can be mitigated.
A digital trail was left by the persons who accessed the data which enabled the user account to be identified; which has since been deactivated although the incident is still under criminal investigation. Following receipt of the letter, Mr. Pasinella sought legal advice and made a Freedom Of Information Law (FOIL) request, although no response has been received to date.