University Hospital Newark (NY) learned that a former employee obtained the protected health information (PHI) of hundreds of patients by accessing their records without authorization for over one year. That information was then given to other people who were likewise not permitted to see the data.
Insider breaches such as this are fairly common; what makes this breach stand out is the length of time over which the access took place. University Hospital Newark stated in its substitute breach notice that the unauthorized access happened between January 1, 2016, and December 31, 2017.
The former employee was given access to patient information to carry out work assignments but went beyond the permitted use and accessed patient files not relevant to job responsibilities. The types of information viewed and obtained by the person included names, birth dates, addresses, Social Security numbers, patient record numbers, medical insurance data, and clinical data related to the care patients received at University Hospital. University Hospital said the matter was reported to law enforcement and that there is a criminal investigation into the unauthorized access and disclosure.
University Hospital said it began sending breach notification letters to affected individuals on October 11, 2021, and has offered them 12 months of free identity theft and credit monitoring services. University Hospital said steps were taken to reduce the risk of similar data breaches, including an evaluation of internal guidelines and operations and additional staff education on patient privacy. University Hospital notified the Department of Health and Human Services’ Office for Civil Rights about the breach on October 8, 2021, as affecting 9,329 individuals.
When staff members access and disclose PHI, it is usually to identity thieves; however, the type of records obtained suggests that may not be the case in this incident. University Hospital hasn’t stated the reason for the access or how the breach was identified, only that the former staff member accessed the data of patients who had visited the emergency department and received medical treatment for injuries suffered in a motor vehicle accident in 2016 – 2017.
On November 5, 2021, University Hospital submitted another insider breach report to the HHS’ OCR, this one affecting 10,067 patients. The breach involved the same data types as the previously reported breach and was also associated with individuals involved in car accidents. The unauthorized access took place from January 1, 2018, to December 31, 2019, and concerned the PHI of people involved in car accidents between 2018 and 2019. University Hospital didn’t say whether this was the same employee but confirmed that a criminal investigation is in progress and that the person involved no longer works at University Hospital. Notification letters were mailed to affected individuals beginning November 5, 2021.
In August 2021, Long Island Jewish Forest Hills Hospital in New York notified over 10,000 patients that their PHI had been impermissibly viewed and disclosed from August 23, 2016, to October 31, 2017. That breach likewise affected patients who had visited the emergency department right after a car accident. The breach came to light when a subpoena was received in connection with a “No Fault” motor vehicle accident insurance scheme.
In January 2020, Beaumont Health reported an impermissible access and disclosure incident that likewise involved the PHI of patients who had been in a motor vehicle accident from February 1, 2017, to October 22, 2019. The former employee was alleged to have shared the PHI with an associated personal injury attorney.