Former Med Center Health employee steals encrypted patient billing data

Bowling Green, Ky.-based Med Center Health said in a news release Tuesday that some confidential patient billing information was stolen by a former employee.

Here are seven things to know.

1. Med Center Health said the former employee obtained billing information on patients treated at The Medical Center Bowling Green, The Medical Center Scottsville, The Medical Center Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS. The treatment took place between 2011 and 2014.

2. The stolen information included name, address, social security number, health insurance information, diagnosis and procedure codes, and charges for medical services, according to the release. It did not include patient medical records.

3. The organization said an internal investigation revealed the former employee was able to obtain the billing information under the guise that said employee needed the information to properly carry out job duties.

4. Commenting on the situation, Med Center Health said: "Upon uncovering this information, Med Center Health took immediate action, including reporting the matter to law enforcement and providing government officials with information we gathered as part of our internal investigation. To date, their investigation indicates that in August 2014 and February 2015 the individual in question obtained patient information on an encrypted CD and encrypted USB drive, without any work-related reason to do so."

5. Med Center Health said it will notify affected patients in the coming weeks via notification letters and will offer free credit monitoring and identity protection services for one year. The organization said it also will send notification letters to the insurance subscribers and patients' guarantors.

6. "Med Center Health is committed to protecting the security and confidentiality of our patients' information. We apologize to our patients who have been impacted by this misuse of information," Connie Smith, Med Center Health CEO, said in the release. "It is important for our patients to know that we are not aware of any evidence indicating that the billing records were being used to cause harm. We have been working alongside law enforcement on their continued investigation and greatly appreciate their involvement in this matter."

7. In response to the incident, Med Center Health said it is "re-enforcing education with their employees regarding its strict patient confidentiality policies and procedures and reviewing its internal controls."


More articles on health IT:
AHIMA releases health IT guidelines to support LGBT patients
Almost 18k records exposed in Metropolitan Urology Group ransomware attack
Insiders responsible for 58% of healthcare data breaches in February: 5 insights

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months