New York City HHC reports possible PHI disclosure of 90,000 patients

A former New York City Health and Hospitals Corp. employee improperly accessed and transmitted files containing protected health information, prompting the health system to notify nearly 90,000 patients their data may be compromised.

A former employee at HHC Jacobi Medical Center in the Bronx sent files with PHI to her personal email account and new work email account. HHC discovered the breach through its information governance and security program that monitors and detects email communications that contain PHI and other confidential information sent from HHC's network without authorization, according to an HHC statement.

PHI included in the email includes patient names, addresses, birth dates, telephone numbers, medical record numbers, treatment dates, types of services, limited sensitive health information and some health insurance identification including Social Security numbers.

HHS has no evidence any files were accessed by anyone other than the former employee, and there is no evidence the information was misused, according to the statement.

The incident occurred Feb. 19, 2015 and was discovered Feb. 27, 2015. The former employee said she accessed and sent the files "in the event that in the future she had to respond to questions about her past work at JMC," according to the breach notification HHC sent to patients.

The former employee said she did not give the information to any other parties and has deleted all the information from her personal computer and email account, which HHS later verified. The employee's new employer also examined her work computer and determined the files were not present on the device or the greater network, according to the breach notification letter.

Editor's note: This article's headline has been updated. It previously incorrectly identified the organization as New York City HHS.

More articles on data breaches:

Cyberattack exposes data of 1.1M CareFirst BCBS members: 6 things to know
Payer disputes hospital data breach settlement, saying hospital failed to meet privacy requirements outlined in cyber policy
Data breaches could cost $2.1T globally by 2019

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months