Electronic Medical Record Vendor Admits Security Breach
Patients at six medical practices in Massachusetts and New Hampshire may have been affected.
In a recent letter [PDF file] sent to the New Hampshire State Attorney General's Office, laywers for Massachusetts' Lawrence Melrose Medical Electronic Record, Inc. (LMMER) stated that two New Hampshire residents' protected health information and personal information may have been exposed.
Still, as Government Health IT's Erin McCann notes, it's not clear how many Massachusetts residents may have been affected. The six medical practices affected, McCann reports, were Dr. Canan Avunduk; Dr. Maury Goldman; Hallmark Health Medical Associates; Main Street Family Practice; Dr. John Mudrock; and Womens Healthcare Associates -- all of them located in Melrose, Mass.
According to the letter, the breach was the result of "unauthorized access by a medical practice employee to electronic medical records and patient registration information." The individuals affected were notified by mail, and were offered one year of credit monitoring and identity theft consultation and restoration services from Kroll Advisory Solutions.
Hallmark Health director of marketing Rick Pozniak told HealthITSecurity's Patrick Ouellette that "fewer than 200 electronic patient medical records" were accessed by a private physician's employee, who has since been fired. "Information potentially reviewed by the employee could include the patients name, Social Security number, health insurance and medical information," Pozniak said.
The letter states that LMMER is implementing enhanced privacy and data security measures in response to the incident, including re-training employees on privacy and data security policies and procedures, and hiring consultants to develop an tool for monitoring access to patient medical records.