Inappropriate Download Leads to BreachHospital Staffer Who Lost Hard Drive Is Fired
A spokesman for MidState Medical Center in Meriden, Conn., which is part of the Hartford HealthCare system, says an employee of Hartford Hospital, another unit of the system that provides services to MidState, inappropriately downloaded patient information to use when working at home. The drive was discovered to be missing on Feb. 15, and the employee was fired for violating policies.
The drive included MidState patients' names, addresses, dates of birth, marital status, some Social Security numbers and medical record numbers. "We have no reason to believe that any personal information has been misused as a result of this incident," the medical center said in a statement on its website.
"MidState Medical Center and other affiliates of Hartford HealthCare are in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future," the statement said. The spokesman said those preventive measures will include educating staff members about privacy and security policies.
The medical center is offering patients who may have been affected two years of free credit monitoring.
Under the HITECH Act breach notification rule, breaches that affect 500 or more individuals must be reported to the Department of Health and Human Services' Office for Civil Rights within 60 days. The MidState breach is not yet listed on the OCR's list of major health information breaches.