Breach Report: Former UPMC Employee Viewed Records Inappropriately

Dec. 4, 2013
A former employee at University of Pittsburgh Medical Center’s (UPMC) McKeesport hospital viewed the protected health information (PHI) of nearly 1,300 patients, the health system recently announced.

A former employee at University of Pittsburgh Medical Center’s (UPMC) McKeesport hospital viewed the protected health information (PHI) of nearly 1,300 patients, the health system recently announced.

The employee, who held an administrative position as a "unit coordinator" according to media reports, accessed patient medical records, which included patients’ names, dates of birth, contact information, treatment and diagnosis information, and Social Security numbers. She did not have a valid reason to do so, which is a violation of the federal Health Insurance Portability and Accountability Act (HIPAA).

“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior.

UPMC says the woman was fired and local and federal authorities have been alerted. The health system says it is providing additional employee training and continuing its own review with the aim of enhancing its privacy policies and procedures.  In terms of motive, the system did not have one.

“The former employee reported to UPMC that she did not store this information or use it for financial gain,” Houston said in a release.  

Email Malware Causes Breach at UW Medicine

At the Seattle-based University of Washington (UW) Medicine, an employee opened an email attachment that contained malicious software (malware), which took control of the computer and had patient data stored on it.

The health system said the computer contain private health data on roughly 90,000 Harborview Medical Center and University of Washington Medical Center patients. The data included name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, and date of birth.

According to UW Medicine, the patient information was not sought or targeted.

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self-Service for MEDITECH Hospitals

Today’s consumers expect access to digital self-service capabilities at multiple points during their journey to accessing care. While oftentimes organizations view digital transformatio...

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.