Montefiore Medical Center and Geisinger Terminate Workers Involved in Unauthorized PHI Access

Montefiore Medical Center in Bronx, New York, has dismissed a worker over the alleged theft of the protected health information (PHI) of around 4,000 patients. Montefiore learned about the possible internal data breach in July 2020 and began investigating the unauthorized health record access.

Montefiore had been using a technology solution that monitors electronic health records (EHRs) for improper access, which is how the employee was identified. The investigation verified that the employee had accessed healthcare records with no valid work reason from January 2018 to July 2020.

Viewing patients’ medical records without a legitimate reason to do so is a violation of HIPAA and hospital policies. Montefiore stated that criminal history checks are performed on all staff before they are hired at the medical center and that it gives HIPAA training to all personnel. The employee involved had received substantial privacy and security training yet chose to break internal guidelines and HIPAA regulations.

The breach investigation is still ongoing and the NYPD has been notified about the incident. The NYPD has already started a criminal investigation.

Montefiore seriously regrets this occurrence and won’t condone any violation of patient privacy. This action is viewed as criminal in nature and Montefiore is cooperating fully with authorities as the case proceeds.

The types of data the former worker accessed include names, birth dates, addresses, and Social Security numbers. Montefiore provided the impacted patients with 12 months of free identity theft protection services. The patients also receive protection under a $1,000,000 identity theft insurance policy.

Montefiore Medical Center is currently enhancing its monitoring capabilities and employee training programs.

Geisinger Dismisses Personnel for Inappropriate Medical Record Access

Geisinger has terminated an employee for unauthorized medical record access. A staff member informed the Geisinger Privacy Office about an employee who was alleged to have accessed patients’ medical records without any legitimate work reason.

The report was received on June 3, 2020, and Geisinger quickly started an investigation of the inappropriate access. The investigation ended on September 8, 2020. The worker concerned, employed at a Geisinger Clinic, had authorized access to patient data; however, the investigation showed that the records of about 700 patients were viewed with no legitimate work reason. The unauthorized access began in June 2019 and continued until June 2020.

The viewed information included names, dates of birth, addresses, telephone numbers, dates of service, medical record numbers, medical conditions, diagnoses, prescription drugs, treatment data, other clinical notes, and Social Security numbers. A review of the worker’s network activity revealed no evidence suggesting data theft; nevertheless, as a precaution, all patients affected by the breach received complimentary credit monitoring and identity theft protection services.

At Geisinger, safeguarding patients’ and members’ privacy is of the utmost importance. Safety measures and protocols to recognize incidents like these are set up to prevent such incidents in the future.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA