Employee Terminated by Montefiore Medical Center and Bethesda Hospital for HIPAA Breaches

Baptist Health’s Bethesda Hospital located in Boynton Beach, FL has terminated a worker because of impermissibly accessing the protected health information (PHI) of a patient and modifying a home health order that was used to give home care services to a patient.

The hospital discovered the HIPAA breach on December 1, 2020 and conducted an internal investigation. The employee involved in the breach ended up being dismissed. The hospital already informed law enforcement about the incident.

The investigation showed that the former employee also accessed other patient records from June 1, 2019 to December 2, 2020. The types of data possibly accessed included names, birth dates, addresses, medical insurance details, Social Security numbers, and clinical records.

All affected persons received notification and offers of free identity theft protection and credit monitoring services. Baptist Health is looking for more ways to protect patients’ PHI and avoid the same breaches later on.

The HHS’ Office for Civil Rights’ website has not listed the incident yet so the number of patients affected is presently uncertain.

Montefiore Medical Center TerminatesTerminates Employee for Unauthorized Access of Medical Records

Montefiore Medical Center located in New York found out that an unauthorized worker accessed the PHI of patients in a span of 5 months last 2020. Upon becoming aware of the unauthorized access, Montefiore quickly blocked the employee from accessing the electronic medical record system and started an investigation to know the magnitude of the HIPAA violation.

Following the comprehensive investigation, the medical center terminated the employee and reported the breach to law enforcement for probable criminal prosecution. The former employee viewed types of information that varied from one patient to another and may have included first and last names, birth dates, addresses, medical record numbers, the last four numbers of Social Security numbers, and clinical data like examination results, consultation histories, and diagnoses.

There is no reason given regarding the person’s motive for accessing the information. There is also no evidence found that suggests the use of patient data for identity theft or fraudulence. Montefiore Medical Center already notified all affected patients and offered them free identity theft protection services.

This is Montefiore Medical Center’s second incident that involved inappropriate access of medical records in the last 5 months. The first was in September 2020 when the medical center reported the theft of approximately 4,000 patients’ PHI by a former employee from January 2018 to July 2020.