Skip to Content
Also part of the UPMC family:

Privacy and Breach Alerts

What Happened?

On 4/11/22, UPMC became aware our patients' protected health information may have been inappropriately accessed. Through investigation, UPMC determined that Protected Health Information was inappropriately accessed as a result of an employee inappropriately accessing UPMC medical records without a UPMC business need.

What Information Was Involved?

The potentially accessed information varies by individual, but may include first and last names, dates of birth, diagnosis, medications, medical treatment information, and financial account information. Social Security Numbers were not involved in this incident.

What We Are Doing

Information privacy and security are among the highest priorities at UPMC. As such, we immediately took steps to mitigate any negative impact of the breach including ensuring that no further access by employee occurred. As a result of this issue, and to avoid future issues, UPMC has taken the following steps:

  • UPMC disciplined the employee consistent with corrective action policies established by UPMC's Human Resources department.
  • Review of employee medical record access permissions for affected department.
  • UPMC notified via U.S. Mail all affected patients for whom we had current contact information.

What Can You Do?

UPMC has mitigated the risk of potential negative outcomes resulting from this breach to the best of our ability. For more information related to this breach, please reach out to the Office of Patient & Consumer Privacy by calling 412-647-5757 or emailing privacyaskus@upmc.edu.