The breach was due to a supervisor within the Phlebotomy department improperly arranging for a hospital volunteer to access patient PHI.
The breach was due to a supervisor within the Phlebotomy department improperly arranging for a hospital volunteer to access patient PHI.

A data breach at NYC Health + Hospitals/Coney Island hospital may have compromised the information of nearly 3,500 patients.

The breach was due to a supervisor within the Phlebotomy department improperly arranging for a hospital volunteer to access patient protected health information (PHI) during their assigned task which included logging patient names in a log book, cleaning up storage department areas, and transporting specimens within the facility, according to the breach notification letter.

The volunteer was not authorized to access patient PHI because they weren't appropriately processed by Coney Island's Human Resources Department.

The incident took place over a three month period beginning in December 2016 and was spotted on March 10, 2017. Hospital officials reminded management of their responsibility to ensure that all volunteers are processed through the Human Resources Department. Those who suspect they had been affected may request access to their records and if appropriate can request to amend their records.