Over 1900 Total Lots Up For Auction at Two Locations - NJ Cleansweep 06/13, NJ 06/14

Spanish SpanishPortuguese Portuguese

Hospital employee emailed patient information to personal Gmail account

by John R. Fischer, Senior Reporter | January 28, 2022
Cyber Security Health IT
Share
A former healthcare employee says she 'mistakenly' emailed patient data from her work email to her personal Gmail account
The University of Arkansas for Medical Sciences says a breach perpetrated by a former employee may have exposed the protected health information of 518 patients.

The unidentified woman emailed the information in Microsoft Excel sheets back in November from her UAMS account to her personal Gmail account. UAMS discovered the breach later that month.

In writing, the former employee, who voluntarily left UAMS, said that the email was “an unintentional error on her part” and that she did “not retain or share” any information.

The spreadsheets included hospital account numbers, types of insurance, medical record numbers, dates for patient visits and claims information, as well as some patients’ dates of birth and medications. No credit card, debit card, bank account, address, driver’s license numbers or social security numbers were included, and there were no clinical documents or medical records in the attachments sent in the email, according to the university.

UAMS is notifying patients via mail and on its website, and has filed a police report with the UAMS Police Department. “UAMS takes patient privacy and security seriously, and when we discovered this mistake, we did everything we could to mitigate the risk and prevent similar incidents from happening,” said Heather Schmiegelow, J.D., UAMS HIPAA privacy officer, in a statement.

Many cybersecurity firms recommend that providers limit access to information to certain figures to avoid the risk of breaches or thefts.

UNC Hospitals in North Carolina recently experienced a breach in September when it found that one of its employees who was responsible for handling payments for services was using patient information for personal financial gain. The former employee had access to patient demographic information, including social security numbers and copies of patient driver’s licenses and insurance cards.

The healthcare system confirmed that the employee used some patients’ demographic and financial information to fraudulently obtain goods or services. It notified 719 patients whose information may have been at risk for identity theft.

UAMS says it has policies and procedures in place to protect the privacy and security of patients’ health information and that all of its employees are required to complete annual HIPAA training each year. This includes learning about employees using and accessing patients’ health information for legitimate, authorized purposes, as well as secure and encrypted email use to communicate such data.

Back to HCB News
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Make waves in hospital virtual care delivery with advanced analytics
Diversifying revenue stream using patient payments
Improving standard of Prostate Cancer Diagnosis and Care while increasing MRI revenues
Preventing cyberattacks: Finding the right strategic partner
How virtual assistants are transforming business models
Technology, transparency and the bottom line: Considerations for the specialty benefits ecosystem
The consequences of the hack of Lurie Children’s Hospital
Through Edgility acquisition ABOUT aims for end-to-end AI-driven patient flow
Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal