University Hospital Newark (NY) has found out that an ex-worker had accessed the protected health information(PHI) of many patients with no permission over the span of one year. That information was then shared with other persons who were at the same time not approved to see the data.
Insider breaches just like this are quite prevalent, while what makes this circumstance jump out is the time the access happened. University Hospital Newark mentioned in its substitute breach notice, the unauthorized access transpired from January 1, 2016, to December 31, 2017.
The ex-employee was given access to patient records to carry out work assignments yet had gone further than the permitted usage of that access and had viewed patient records not relevant to work requirements. The types of data accessed and acquired by the person contained names, birth dates, addresses, Social Security numbers, medical insurance data, health record numbers, and clinical details regarding care patients got at University Hospital. University Hospital mentioned the issue was reported to authorities and there’s a continuing criminal investigation into the unapproved access and disclosure.
University Hospital stated it commenced sending notification letters to affected people on October 11, 2021 and has given to those persons free one-year identity theft and credit monitoring services. University Hospital stated steps were undertaken to cut down the possibility of further security breaches such as this, including an analysis of internal guidelines and processes and additional training for the staff on patient privacy. The breach report sent to the Department of Health and Human Services’ Office for Civil Rights mentioned that 9,329 patients were impacted.
Staff members generally access and divulge PHI to identity thieves, even though the nature of the details acquired implies that might not be so in this example. University Hospital has not shared the rationale for the access or the way the breach was learned, only that the former worker viewed the PHI of patients who stopped by the emergency department and got treatment for injuries gotten in a motor vehicle mishap between 2016 and 2017.
In August 2021, Long Island Jewish Forest Hills Hospital in New York advised over 10,000 patients who had their PHI impermissibly accessed and compromised from August 23, 2016, to October 31, 2017. The breach in the same manner affected patients who visited the emergency department subsequent to a motor vehicle mishap. That breach was known upon receiving a subpoena due to a “No-Fault” vehicle accident insurance scheme.
LastLast January 2020, Beaumont Health reported an impermissible access and disclosure occurrence likewise affecting the PHI of patients who were engaged in a vehicle accident between February 1, 2017, and October 22, 2019. The ex-employee was believed to have shared the PHI with an affiliated personal injury attorney.