Montefiore Medical Center posted a security breach notice Sept. 18 stating that a former employee recently stole about 4,000 patients’ personal information.
The health system discovered the incident in July and claims the employee stole approximately 4,000 patients’ names, addresses, dates of birth and Social Security numbers between January 2018 and July 2020.
As a result of the incident, the employee was fired and the New York City Police Department launched an investigation. Montefiore said there is no evidence that the patient information has been used for identity theft.
“Montefiore deeply regrets this incident and will not tolerate any violation of patient privacy,” the health system said. “In support of all HIPAA guidance and laws, we view this activity to be criminal in nature and are fully cooperating with law enforcement as the case moves forward.”
Montefiore prohibits employees from viewing patient medical records without a work-related reason and has technology in place that monitors such activity. However, the health system is expanding its monitoring capabilities and employee training programs to increase privacy safeguards.
Montefiore is providing all affected patients with identity theft protection services, identity recovery services, one year of credit monitoring and a $1 million insurance policy as a result of the incident.
More articles on EHRs:
Geisinger fires employee for inappropriately accessing 700+ patients’ medical records
16 hospitals, health systems seeking Allscripts, Cerner, Epic, Meditech talent
Waving ‘a magic wand’ over the EHR: 7 hospital execs share the tools they’d add overnight
© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.