Breach Report: Former UPMC Employee Viewed Records Inappropriately | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Breach Report: Former UPMC Employee Viewed Records Inappropriately

December 4, 2013
by Gabriel Perna
| Reprints

A former employee at University of Pittsburgh Medical Center’s (UPMC) McKeesport hospital viewed the protected health information (PHI) of nearly 1,300 patients, the health system recently announced.

The employee, who held an administrative position as a "unit coordinator" according to media reports, accessed patient medical records, which included patients’ names, dates of birth, contact information, treatment and diagnosis information, and Social Security numbers. She did not have a valid reason to do so, which is a violation of the federal Health Insurance Portability and Accountability Act (HIPAA).

“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior.

UPMC says the woman was fired and local and federal authorities have been alerted. The health system says it is providing additional employee training and continuing its own review with the aim of enhancing its privacy policies and procedures.  In terms of motive, the system did not have one.

“The former employee reported to UPMC that she did not store this information or use it for financial gain,” Houston said in a release.  

Email Malware Causes Breach at UW Medicine

At the Seattle-based University of Washington (UW) Medicine, an employee opened an email attachment that contained malicious software (malware), which took control of the computer and had patient data stored on it.

The health system said the computer contain private health data on roughly 90,000 Harborview Medical Center and University of Washington Medical Center patients. The data included name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, and date of birth.

According to UW Medicine, the patient information was not sought or targeted.




Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.

83% of Physicians Have Experienced a Cyber Attack, Survey Finds

Eighty-three percent of physicians in a recent survey said that they have experienced some sort of cyber attack, such as phishing and viruses.

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.