The New York City Health and Hospitals Corporation (HHC) has notified approximately 90,000 patients that one of the medical organization's former employees inappropriately accessed their protected health information (PHI).
The former employee worked at Jacobi Medical Center (JMC), which is operated by HHC. The incident in question, which occurred on February 19, 2015, was discovered on February 27, 2015 when, in the course of HHC’s monitoring of outgoing emails, the organization identified a number of emails containing files of PHI that were accessed by a former Jacobi employee after her employment ended earlier in the month.
The former employee sent these files to her personal email account. She also sent these files to the email account of her new employer, which is a New York City agency that works closely with HHC, the organization said in a statement on its website. According to the former employee, she accessed and sent the subject files to these email accounts in the event that in the future she had to respond to questions about her past work at JMC.
While there is no indication that the former employer improperly used the information in these files, or that her new employer, an agency of the City of New York, has accessed, viewed or used these files, JMC says it has taken a number of steps in response. First, the organization interviewed the former employee, who said that the information she accessed was not further disseminated and was subsequently deleted from her personal computer and personal e-mail account.
A later forensic review of her personal computer and confirmed that the information was in fact deleted and had not been forwarded further from that computer. Additionally, the City agency, where the former employee now works, has advised JMC that they examined their information and email systems, as well as the computer they assigned to the former JMC employee, and they advised HHC that, after a diligent search, the subject files were not present on their systems or computer devices.