Florida Health system suffers privacy breach involving nearly 9,500 patients.

April 17, 2012 |

In a report by iHealthbeat the Memorial Health Care system was compromised by two employees improperly accessing patient data with the intention of filing false tax returns.

The report provides:

Florida-based Memorial Healthcare System is notifying nearly 9,500 patients that a recent data breach might have exposed their personal information, CMIO reports (Byers, CMIO, 4/13).

Details on the Breach

On Jan. 27, MHS discovered that two employees improperly accessed patient data with the intent of filing false tax returns. Although no medical records were taken, MHS officials said the employees could have accessed patients’:

  • Names;
  • Dates of birth; and
  • Social Security numbers (LaFave Grace, Modern Healthcare, 4/13).

Kerting Baldwin, a spokesperson for the five-hospital system, did not indicate whether any of the notified patients had experienced identity theft (LaMendola/Gehrke-White, South Florida Sun Sentinel, 4/13). Baldwin also did not provide information on whether the patient data were encrypted, citing the ongoing investigation.

Response to the Breach

MHS has fired both employees who inappropriately accessed the patient data. According to Baldwin, the hospital system also is “actively cooperating with law enforcement.”

In a statement, MHS said it will provide affected patients with one year of no-cost credit-monitoring services and access to support through a call center.

To prevent future breaches, the health care system said it has “continued to refine its privacy policies, to reinforce with all staff the importance of handling patient information and to enhance many of its auditing controls by taking advantage of recent advances in best-practice technology” (Modern Healthcare, 4/13).

Access by employees is a major and ongoing concern by any large organisation which has a large database of individuals information.  In the Australian context the temptation to learn more about neighbours, those in the news and others have brought displincary charges against members of the Victorian Police misusing the LEAP database (see articles here and here.  The problem is perennial.  One part of the problem is that the temptation to access information about others can be irresistable. Another aspect is cultural.  In the police there is a persistant problem with some members taking the view that their access rights  are broad like their on duty discretion.   The Ombudsman identified that problem back in 2005.  But the disincentive to improperly access information is not there.  Criminal charges are not laid for breaches.  Breaches are dealt with administratively.  People whose information whose information has been accessed should be made aware of the breach.  That will have an impact on the Police.  Those individuals should have a right to take action against those who breach.

Leave a Reply

Verified by MonsterInsights