The University of Connecticut Health Center has acknowledged that a former employee inappropriately accessed records of approximately 1,400 patients, which included names, addresses, dates of birth, and in some cases, Social Security numbers. The Health Center became aware of the privacy breach on January 7, 2013.
According to the Hartford Courant, UConn spokesman Chris DeFrancesco said there's nothing to suggest that any of the information was downloaded, printed or copied or used by the employee. DeFrancesco said the employee, a woman who worked at the center for 11 years, resigned in December after an internal investigation. The investigation, started in October, found that the privacy breaches dated back to June 2010.
All Health Center employees are required to undergo training about patient privacy upon employment, and education is reinforced with ongoing training. The Health Center is currently evaluating all education and monitoring efforts to ensure ongoing compliance.
“We sincerely regret the inconvenience and concern this may cause our patients,” Iris Mauriello, the Health Center’s privacy officer, said in a statement. “The actions of one person do not define the integrity of our entire workforce and all of our collective efforts to ensure the privacy of health records. Our patients rely on each of us to ensure safe and responsible use of the information with which we have been entrusted. We take that very seriously,” she added.
Starting on March 8, 2013, all patients who were the subjects of the privacy breach will receive instructions on protecting themselves against potential identity theft. The Health Center is also offering the patients, a free, two-year subscription to a credit monitoring service along with insurance coverage to assist with any possible identity theft related to the breach.