New York City HHC reports possible PHI disclosure of 90,000 patients

A former New York City Health and Hospitals Corp. employee improperly accessed and transmitted files containing protected health information, prompting the health system to notify nearly 90,000 patients their data may be compromised.

A former employee at HHC Jacobi Medical Center in the Bronx sent files with PHI to her personal email account and new work email account. HHC discovered the breach through its information governance and security program that monitors and detects email communications that contain PHI and other confidential information sent from HHC's network without authorization, according to an HHC statement.

PHI included in the email includes patient names, addresses, birth dates, telephone numbers, medical record numbers, treatment dates, types of services, limited sensitive health information and some health insurance identification including Social Security numbers.

HHS has no evidence any files were accessed by anyone other than the former employee, and there is no evidence the information was misused, according to the statement.

The incident occurred Feb. 19, 2015 and was discovered Feb. 27, 2015. The former employee said she accessed and sent the files "in the event that in the future she had to respond to questions about her past work at JMC," according to the breach notification HHC sent to patients.

The former employee said she did not give the information to any other parties and has deleted all the information from her personal computer and email account, which HHS later verified. The employee's new employer also examined her work computer and determined the files were not present on the device or the greater network, according to the breach notification letter.

Editor's note: This article's headline has been updated. It previously incorrectly identified the organization as New York City HHS.

New York City HHC reports possible PHI disclosure of 90,000 patients

More articles on data breaches: