The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Main Line Women’s Healthcare Employee Terminated for Photographing Patient Records

Posted By on Oct 25, 2022

A former employee of Main Line Women’s Healthcare in Bryn Mawr, PA, was discovered to be accessing and photographing patient records using a personal cellphone. The investigation into the breach indicates the records of 804 patients of the OB/GYN practice were accessed and photographed.

When the HIPAA violation was detected, the employee was immediately suspended and an internal investigation was launched to determine the extent of the privacy breach and the types of information that had been obtained. The accessed records included patient names, addresses, dates of birth, medical account number, insurance provider, treating physicians, medications, and diagnoses.

The employee worked for Main Line Women’s Healthcare between February 7, 2022, and June 14, 2022, and has now been terminated for the HIPAA violation. A spokesperson for Main Line Women’s Healthcare said it was not possible to determine the employee’s motives, nor whether the copied information has been misused or further disclosed. The privacy breach has been reported to law enforcement and Main Line Women’s Healthcare is assisting with the investigation.

The review of the records was completed on September 7, 2022, and notification letters were sent on October 10. The delay in issuing notifications was due to the time taken to obtain up-to-date contact information. Complimentary credit monitoring services have been offered to affected individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Fred Hutchinson Cancer Center, WA – Email Account Breach

Fred Hutchinson Cancer Center in Seattle, WA, formerly known as Seattle Cancer Care Alliance, has discovered an employee email account has been accessed by an unauthorized individual. The incident was detected on March 26, 2022, when suspicious activity was identified in the email account. The email account was immediately secured, and a forensic investigation was launched to determine the nature and scope of the breach.

Fred Hutchinson Cancer Center discovered on April 18, 2022, that the email account had been accessed by an unauthorized individual between March 25 and March 26, 2022. A document review team was then assembled to review all information in the account and determine how many individuals had been affected and the types of information that may have been accessed. That process concluded on September 9, 2022, and now that up-to-date contact information has been obtained, notification letters are being sent. The types of information exposed varied from patient to patient and may have included name, address, Social Security number, financial account information, medical information, and/or health insurance information. Fred Hutchinson Cancer Center said it is unaware of any misuse of patient information.

Any individual who had their Social Security or government identification number exposed will be entitled to sign up for complimentary credit monitoring and identity theft protection services for 12 months. The incident has been reported to the HHS’ Office for Civil Rights as affecting 500 individuals. 500 is a commonly used placeholder when the number of individuals affected has yet to be determined.

Seton Medical Center Harker Heights – Phishing Attack

HH Killeen Health System, which operates Seton Medical Center Harker Heights in Texas, has started notifying 15,056 patients that some of their protected health information has been exposed and potentially obtained by unauthorized individuals.

The breach occurred at a vendor used by Seton Medical Center Harker Heights. Two employee email accounts were accessed by unauthorized individuals after the employees responded to phishing emails. The accounts were immediately secured to prevent further unauthorized access, and a forensic investigation was conducted to determine the extent of the breach. According to the notification sent to the Texas Attorney General, the attackers gained access to patients’ names and medical information.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist