On July 10, 2020, UPMC became aware that an employee accessed the protected health information of UPMC patients without a business reason. As a result, UPMC immediately initiated an internal
investigation. Through this investigation, it was confirmed that the employee did access the medical records of patients and viewed clinical and demographic information. The employee did not access social security numbers.
What information was involved?
Through the investigation, we learned that demographic as well as clinical information were affected. No social security numbers were viewed or accessed inappropriately.
What actions should you take?
If you have further questions about the breach, or to verify if you were affected or not, please reach out to 412-246-5201
or send an email to WPHPatientRelations@upmc.edu
. If you have received a notification letter from UPMC there are several resources referenced in the letter that you may choose to use to further protect your information, should you consider them to be necessary.
What are we doing?
Based on UPMC’s commitment to patient privacy, it is important that we keep our patients informed of these types of incidents when they arise. UPMC has disciplined the employee consistent with UPMC’s corrective action policies. We are also evaluating and reviewing various processes internally to determine if they can be improved to help prevent future incidents. We began mailing letters to affected customers on August 27, 2020. Within the notification letter is further contact information that affected patients can use for further information.