The University of Pittsburgh Medical Center (UPMC) recently began notifying almost 1,300 patients that their medical records, including their names, birthdates, contact information, treatment information, diagnosis information and Social Security numbers, were accessed inappropriately by an employee at UPMC McKeesport (h/t PHIprivacy.net).
The employee was fired, and local and federal authorities were notified, along with the U.S. Department of Health and Human Services. UPMC is providing additional employee training in response to the breach, and is conducting an internal review with the aim of enhancing its privacy policies and procedures.
“We apologize for any concern or inconvenience that this may cause for our patients,” UPMC vice president of privacy and information security John Houston said in a statement. “I want to stress that patient care was never affected. Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior.”
“The former employee reported to UPMC that she did not store this information or use it for financial gain,” Houston added. “But out of an abundance of caution, we deemed it appropriate to inform our patients. We suggest that everyone take steps, including credit monitoring, to protect his or her identity.”
Patients with questions or concerns are advised to contact (412) 647-6286.