Montefiore Medical Center and Geisinger Terminates Personnel for Inappropriate PHI Access

Montefiore Medical Center in Bronx, NY has dismissed a staff because of the claimed theft of the protected health information PHI of roughly 4,000 patients. Montefiore knew about the probable internal data breach in July 2020 and started an investigation into unauthorized health record access.

Montefiore had put in place a technology solution that monitors EHRs for unauthorized access. Therefore, the personnel was determined. The investigation affirmed that the personnel had gotten access to healthcare records with no valid work reason between January 2018 and July 2020.

Accessing the medical records of patients though there isn’t a valid reason for doing so violates HIPAA and hospital guidelines. Montefiore mentioned criminal record checks are done on all staff prior to getting a placement at the medical center and Montefiore requires HIPAA training to all workers. The personnel concerned had acquired considerable privacy and security training still decided to disobey hospital policies and HIPAA Rules.

The investigation into the breach is still in progress and the NYPD has been informed about the case. NYPD already began a criminal investigation.

Montefiore greatly regrets this episode and doesn’t tolerate any patient privacy violation. This activity is regarded as criminal in nature and Montefiore is absolutely cooperating with the police force as the case moves onward.

The former worker accessed the types of information such as names, birth dates, addresses, and Social Security numbers. Montefiore offered the impacted patients free one-year identity theft protection services. The patients also get $1,000,000 identity theft insurance policy coverage.

Montefiore Medical Center is currently extending its supervising functionality and employee training programs.

Geisinger Dismisses Worker for Unauthorized Medical Record Access

Geisinger has terminated a worker for improper medical record access. A member of the personnel notified the Geisinger Privacy Office concerning a worker who was believed to have accessed patients’ health records when there was no legit work reason.

The report was filed on June 3, 2020 and Geisinger immediately launched an investigation of the unauthorized access. The investigation concluded on September 8, 2020. Working at a Geisinger Clinic, the staff involved had authorized access to patient files, nevertheless, the investigation uncovered that the records of approximately 700 patients were accessed without valid work reason. The unauthorized access commenced in June 2019 and persisted until June 2020.

The viewed data contained names, dates of birth, addresses, phone numbers, dates of service, medical record numbers, medical conditions, diagnoses, prescribed medicines, treatment details, clinical notes, and social security numbers. An analysis of the staff’s network activity showed no evidence that indicates the theft of information, however, as a safety measure, all patients affected by the breach got complimentary credit monitoring and identity theft protection services.

At Geisinger, securing patients’ and members’ privacy is of great importance. Safeguards and protocols to determine incidents just like these are in place to avoid similar future incidents.