Category: News || By
. . .
UPMC learned of the security breach in early November, Houston said in a prepared statement, "and we were able to track and stop this improper behavior."
The health system is conducting an internal review of its security and privacy rules and is providing additional training to employees, he said.
"There is no fail-safe system, and we ultimately depend on the integrity, vigilance and honesty of all of our employees," Houston said.
. . .
Under HIPAA, access to medical information is generally restricted to the "minimum necessary." Those permitted to view personal information include doctors and nurses directly involved in the diagnosis and treatment of a patient, and the insurance companies paying for that diagnosis and treatment.
People who "knowingly obtain" someone else's personal health information without cause can face a fine of up to $50,000 and a year in prison. Those who obtain that information to use it for malicious or commercial purposes can be fined up to $250,000 and imprisoned for up to 10 years.
The former employee told UPMC she did not "store this information or use it for financial gain," Houston said. "But out of an abundance of caution, we deemed it appropriate to inform our patients. We suggest that everyone take steps, including credit monitoring, to protect his or her identity."
UPMC McKeesport patients who have any questions or concerns should contact the UPMC Office of Patient and Consumer Privacy at (412) 647-6286, a spokeswoman said.
. . .
In the Mon-Yough area, it's the second recent case of someone accessing private medical information without authorization.
Last year, according to published reports, former assistant Monroeville police Chief Steven Pascarella alleged that employees of the municipality's emergency dispatching center were looking up medical information without authorization and sharing the information. The U.S. Department of Health and Human Services in March launched an investigation, according to the Post-Gazette.
To comment on any story at Tube City Almanac, email tubecitytiger@gmail.com, send a tweet to www.twitter.com/tubecityonline, visit our Facebook page, or write to Tube City Almanac, P.O. Box 94, McKeesport, PA 15134.