Breach Report: Former UPMC Employee Viewed Records Inappropriately | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Breach Report: Former UPMC Employee Viewed Records Inappropriately

December 4, 2013
by Gabriel Perna
| Reprints

A former employee at University of Pittsburgh Medical Center’s (UPMC) McKeesport hospital viewed the protected health information (PHI) of nearly 1,300 patients, the health system recently announced.

The employee, who held an administrative position as a "unit coordinator" according to media reports, accessed patient medical records, which included patients’ names, dates of birth, contact information, treatment and diagnosis information, and Social Security numbers. She did not have a valid reason to do so, which is a violation of the federal Health Insurance Portability and Accountability Act (HIPAA).

“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior.

UPMC says the woman was fired and local and federal authorities have been alerted. The health system says it is providing additional employee training and continuing its own review with the aim of enhancing its privacy policies and procedures.  In terms of motive, the system did not have one.

“The former employee reported to UPMC that she did not store this information or use it for financial gain,” Houston said in a release.  

Email Malware Causes Breach at UW Medicine

At the Seattle-based University of Washington (UW) Medicine, an employee opened an email attachment that contained malicious software (malware), which took control of the computer and had patient data stored on it.

The health system said the computer contain private health data on roughly 90,000 Harborview Medical Center and University of Washington Medical Center patients. The data included name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, and date of birth.

According to UW Medicine, the patient information was not sought or targeted.




HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.