UPMC is alerting nearly 1,300 people treated at various UPMC locations over the past year that their records were viewed inappropriately. The now former employee at UPMC McKeesport was not involved in the care of the patients and therefore should not have been looking at their information.
“Another employee called it to the attention to the management of the hospital,” said UPMC spokeswoman Wendy Zellner. “Thus, we took the action we did to terminate this employee.”
Local and federal authorities have also been alerted, and UPMC has notified the U.S. Department of Health and Human Services, as required by HIPAA, the patient privacy law. Zellner said this is an isolated incident and patient information is generally kept safe and secure.
“We do everything that we can possibly to do keep patient records private,” Zellner said. “There’s very stringent rules within the hospital and certainly federal and state rules regarding privacy. We have extensive electronic systems, regular employee trainings. In this case the employee was not following the policies and procedures and training that were involved.”
An internal investigation determined the employee accessed patient medical records, including patient names, dates of birth, contact information, treatment and diagnosis information and Social Security numbers. Zellner said the employee reported that she did not store the information or use it for financial gain.
“But we think we have to be cautious and let people know they should be alert, as everyone should be about their identity, and should be checking their bills, their credit card receipts and do credit monitoring to keep an eye on what’s going on,” she said.
UPMC is sending letters to patients whose information may have been viewed in this incident.