UPMC Alerts Patients to Privacy Concern
PITTSBURGH, Nov. 27, 2013 – To protect the privacy rights of its patients, UPMC is alerting nearly 1,300 people treated at various UPMC locations over the past year that their records were viewed inappropriately by a UPMC McKeesport employee who was not involved in their care.
The employee has been terminated, and local and federal authorities have been alerted. Additionally, UPMC has notified the U.S. Department of Health and Human Services as required by the federal Health Insurance Portability and Accountability Act (HIPAA). UPMC is providing additional employee training and continuing its own review with the aim of enhancing its privacy policies and procedures.
“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” said John Houston, UPMC’s vice president of privacy and information security. “Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior. UPMC is committed to meeting our patients’ privacy expectations. We will continue to make significant investments in employee training and the best available tools for managing the use of our patients’ electronic records. However, there is no fail-safe system, and we ultimately depend on the integrity, vigilance and honesty of all of our employees.”
As a result of UPMC’s internal investigation, it was determined that the now former employee accessed patient medical records — including patients’ names, dates of birth, contact information, treatment and diagnosis information, and Social Security numbers — without a valid reason to do so, a violation of HIPAA. “The former employee reported to UPMC that she did not store this information or use it for financial gain,” said Mr. Houston. “But out of an abundance of caution, we deemed it appropriate to inform our patients. We suggest that everyone take steps, including credit monitoring, to protect his or her identity.”
UPMC is sending letters to patients whose information may have been viewed inappropriately in this incident. Patients who have any questions or concerns can contact the UPMC Office of Patient and Consumer Privacy at 412-647-6286 or check UPMC.com for additional privacy resources.