Massachusetts EMR Firm Reports Data Breach

Lawrence Melrose Medical Electronic Record Inc. (LMMER), a Melose, Mass.-based electronic medical record (EMR) firm, has sent a letter to the New Hampshire Attorney General’s office notifying authorities of a data breach involving its EMR software.

In the letter, LMMER—which was organized by Hallmark Health System, located in the greater Boston area—stated that there was an incident involving unauthorized access of EMRs and patient registration information by a medical practice employee, resulting in the potential compromise of the protected health information and personal information of two New Hampshire residents. It is not clear how many patients, in total, were affected by this incident.

The notice said that patients across six medical practices were affected, and letters were mailed to those patients on or around March 14.   

According to the letter, LMMER is in the process of implementing privacy and data security enhancement measures in response to this incident, including increasing the profile of privacy and data security issues at all levels, re-training employees of the participating medical group regarding privacy and data security policies and procedures, and engaging consultants to develop a tool for more effectively monitoring access to patient medical records.

The six practices affected were: Canan Avunduk, MD; Maury Goldman, M.D.; Hallmark Health Medical Associates; Main Street Family Practice; John Mudrock, M.D.; and Womens Healthcare Associates. One year of free credit monitoring and identity theft consultation and restoration services will be provided  to the affected patients.