More than a thousand patients treated at a variety of University of Pittsburgh Medical Center (UPMC) locations over the past year are being notified that their personal information was viewed inappropriately by a former employee.
How many victims? About 1,300.
What type of personal information? Names, dates of birth, contact information, treatment and diagnosis information and Social Security numbers.
What happened? A former UPMC McKeesport Hospital employee accessed the patient medical records without any valid reason.
What was the response? UPMC conducted an investigation and the employee was fired. UPMC is providing additional employee training and is enhancing privacy policies and procedures. Letters are being sent to all affected individuals.
Details: A different employee alerted UPMC officials in November that the former employee was inappropriately viewing patient medical records. The improper behavior was tracked and subsequently stopped after the staffer was fired.
Quote: “The former employee reported to UPMC that she did not store this information or use it for financial gain,” John Houston, UPMC vice president of privacy and information security, said. “We will continue to make significant investments in employee training and the best available tools for managing the use of our patients' electronic records. However, there is no fail-safe system, and we ultimately depend on the integrity, vigilance and honesty of all of our employees.”
Source: upmc.com, “UPMC Alerts Patients to Privacy Concern,” Nov. 27, 2013