The following notice by University Hospital in New Jersey is the kind of notification no healthcare entity wants to have to publish. It involves a rogue employee misusing their access to obtain information on patients that may ultimately be provided to personal injury lawyers or those trying to recruit clients or patients who have suffered injuries in motor vehicle accidents. It is the type of insider-wrongdoing that we have seen and reported on the past, although it’s been a while since this blog has seen this type of report.
University Hospital (UH) is committed to protecting the privacy and security of our patients’ information. Regrettably, this notice is regarding an incident we identified that may have a limited group of patients’ information.
On August 24, 2021, we learned that a now-former employee may have accessed and provided patient information to unauthorized individuals between January 1, 2016 and December 31, 2017. This former employee had authorized access to patient information to perform the essential functions of his/her job and exceeded the authorized use of that access. A criminal investigation is ongoing. The individual had access to some patients’ names, addresses, dates of birth, social security numbers, health insurance information, medical record numbers and clinical information related to care you may have received at UH.
This incident did not affect all patients at UH; but only certain patients treated in the emergency department at UH following motor vehicle accidents between 2016 and 2017.
We are mailing letters to those patients whose information may have been involved in this incident beginning on October 11, 2021. As a precaution, we are offering those patients a complimentary one-year credit monitoring and identify protection membership. If you believe you are affected and do not receive a letter by November 15, 2021, please call at 1 (855) 732-0773, Monday through Friday, 9:00 am through 6:30 pm ET.
We want to assure our patients that we are taking this matter very seriously. We deeply regret that this incident has occurred and greatly value the trust our patients have placed in University Hospital. To help prevent something like this from recurring, this individual no longer works at UH, and UH has reviewed internal policies, procedures and staff training pertaining to the privacy of patient information.
This breach was reported to HHS as impacting 9,329 patients.