Impermissible Access of 1,216 Patient Records by Former Upstate University Hospital Employee

by

Upstate University Hospital located in Syracuse, NY notified 1,216 of its patients regarding the impermissible access of a former personnel to some of their protected health information (PHI). The hospital became aware of the breach on September 12, 2018. Immediately, the breach was investigated to find out which patients were affected by the privacy violation. The investigation results showed that the old employee initially accessed the medical records of patients without any authorization on November 3, 2016 and continued to do so until October 23, 2017.

The investigation didn’t find any proof that indicate the former employee printed, duplicated or forwarded any information beyond the organization. There’s no clear reason uncovered by the investigators as to why the past employee accessed the patient records. Hence, there is no information announced to the public regarding the motives behind the incident.

There was no compromise of highly sensitive data, for instance Social Security numbers, financial data, health insurance details and other information. So, this is not a typical incident engaged in by identity thieves. .

The breached information was limited to the patients’ names, addresses, ages, medical record numbers, types of services obtained, service dates, diagnoses, treatment details, and prescription medications.

Because of the incident, all hospital personnel with access to PHI received detailed training about the preservation of the confidentiality and security of patient data. They were also made aware of their accountabilities regarding HIPAA.

The privacy breach caused Upstate University Hospital to review and strengthen its safety measures for keeping patient health data private and confidential.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]