Southfield, MI-based Beaumont Health, which is a non-profit 8-hospital health system, discovered the unauthorized access to its patients’ medical records by a former employee who potentially shared protected health information (PHI) with someone else.
Upon discovery of the unauthorized access to medical records, the hospital system launched an internal investigation. The access logs of the former employee were reviewed and revealed the unauthorized access first happened on February 1, 2017 and persisted until October 22, 2019. Then, the provider discovered the breach in December 2018.
Beaumont Health started its internal investigation confirmed on December 10, 2019 that the former employee had access to the medical records of 1,182 patients in a span of 20 months. The information potentially obtained and disclosed included names, email addresses, addresses, contact telephone numbers, birth dates, Social Security numbers, medical insurance information, and reason for getting medical care.
The individual with whom the employee disclosed the information was affiliated with a personal injury lawyer. The majority of the patients whose information was accessed had received treatment for injuries suffered in motor vehicle mishaps.
As soon as unauthorized access was ascertained, Beaumont Health fired the employee for hospital policies and HIPAA law violations. The breach report has been submitted to law enforcement and Beaumont Health mentioned it will aid law enforcement if of prosecution. The breach was likewise reported to the Michigan Health and Hospital Association.
Beaumont Health mailed notification letters to all affected patients. Patients who had their Social Security numbers compromised also received offers of credit monitoring and identity theft protection services. Patients were advised to stay alert to the threat of identity theft and fraud and were told to look at their explanation of benefits statements and accounts with care and to report in case of suspicious activity.
To prevent the occurrence of similar breaches, Beaumont Health updated its internal policies and procedures.
Ex-VA Employee Received Sentence for Leaking Medical Records of Former Army Major
Jeffrey Miller, 40, of Huntington, WV, a Department of Veteran Affairs’ Benefits Administration former employee, got his sentence for the unauthorized access of the healthcare records of veterans and for disclosing the health records of a former U.S. Army major who sought a position in Congress in West Virginia.
Miller pleaded guilty to getting the healthcare data of 6 veterans, which include the ex-Army Major, Richard Ojeda. Pictures of the records were taken and sent to an associate. The photo of Ojeda’s health records was later passed to high-ranking Republicans to try to sway his 2018 campaign for the 3rd Congressional District in West Virginia.
The federal court sentenced Miller on January 21, 2020 and will remain in jail for 6 months.