Improper PHI Access Leads to Dismissal of Montefiore Medical Center Employee


Bronx, New York-based Montefiore Medical Center has dismissed a member of staff in relation to the alleged theft of the protected health information of what is estimated to be 4,000 clients.

Montefiore Medical Center discovered a possible internal HIPAA data breach back in July of this year. The organization then moved quickly to begin a HIPAA investigation into access to medical records by unauthorized individuals.

Montefiore had put in place a technology solution that allows EHRs to be reviewed for inappropriate access. This solution identified the employee responsible for the breach. The official investigation showed that the employee had viewed the medical records of individuals without any permitted work reason at different points in time from January 2018 to July 2020.

Viewing the medical records of clients when there is no valid reason for doing so is a breach of HIPAA and hospital policies. Montefiore released a statement that revealed that criminal background checks are carried out on all members of staff before they are hired to a position at the medical center. In addition, Montefiore Medical Center conducts HIPAA training for all members of staff. The employee in question had been given in-depth privacy and security training but had still opted to breach internal policies and HIPAA Rules.

The investigation into the breach is ongoing and the incident has been reported to the New York Police Department. The NYPD has now initiated a criminal investigation into the matter.

A representative for the clinic said: “Montefiore deeply regrets this incident and will not tolerate any violation of patient privacy. In support of all HIPAA guidance and laws, we view this activity to be criminal in nature and are fully cooperating with law enforcement as the case moves forward.”

The data viewed by the former member of staff included names, addresses, dates of birth, and Social Security numbers. Affected patients have been offered complimentary identity theft protection services for one year and are safeguarded against financial loss by a $1,000,000 identity theft insurance policy.

Montefiore Medical Center is now enhancing its monitoring solutions and reviewing staff training policies.