Geisinger discloses potential patient data breach
Geisinger Health System acknowledged that some protected health information (PHI) of approximately 2,928 patients had been disclosed in an unauthorized manner in a press release dated Dec. 27, 2010. Affected patients were notified by letter, according to the provider.
On or about Nov. 3, 2010, a limited amount of PHI was emailed by a former Geisinger Wyoming Valley Medical Center gastroenterologist from his Geisinger computer to his home email account in an unencrypted manner, the release stated. “The physician had sent this information to his home computer to complete an analysis of his procedures,” and Geisinger said it became aware of the action on Nov. 6.
Unencrypted information included patient names, medical record numbers, procedures, indications and the physician’s brief impressions regarding the care provided, Geisinger stated. It did not include addresses, telephone numbers, Social Security numbers, patient account information “or any financial information that could make affected patients vulnerable to financial identity theft.”
“Notification to patients was completed as part of Geisinger’s health information security program and in compliance with the Health IT for Economic and Clinical Health (HITECH) Act of 2009,” the release stated.
On or about Nov. 3, 2010, a limited amount of PHI was emailed by a former Geisinger Wyoming Valley Medical Center gastroenterologist from his Geisinger computer to his home email account in an unencrypted manner, the release stated. “The physician had sent this information to his home computer to complete an analysis of his procedures,” and Geisinger said it became aware of the action on Nov. 6.
Unencrypted information included patient names, medical record numbers, procedures, indications and the physician’s brief impressions regarding the care provided, Geisinger stated. It did not include addresses, telephone numbers, Social Security numbers, patient account information “or any financial information that could make affected patients vulnerable to financial identity theft.”
“Notification to patients was completed as part of Geisinger’s health information security program and in compliance with the Health IT for Economic and Clinical Health (HITECH) Act of 2009,” the release stated.