DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Pittsburgh Medical Center Privacy Breach Prompts Warning to Patients

Posted on November 27, 2013 by Dissent

Deanna Garcia reports:

UPMC is alerting nearly 1,300 people treated at various UPMC locations over the past year that their records were viewed inappropriately. The now former employee at UPMC McKeesport was not involved in the care of the patients and therefore should not have been looking at their information.

“Another employee called it to the attention to the management of the hospital,” said UPMC spokeswoman Wendy Zellner. “Thus, we took the action we did to terminate this employee.”

Local and federal authorities have also been alerted, and UPMC has notified the U.S. Department of Health and Human Services, as required by HIPAA, the patient privacy law. Zellner said this is an isolated incident and patient information is generally kept safe and secure.

Read more on WESA.

Isolated incident?  What about the employee at UPMC Shadyside who was indicted for improper access and disclosure of PHI? Paul Pepala pleaded guilty in July 2011 and was sentenced to probation for providing patient info to others for tax refund fraud.  It sounds like this employee may have been “just” snooping, but even so…

The notice linked from UPMC’s home page reads:

To protect the privacy rights of its patients, UPMC is alerting nearly 1,300 people treated at various UPMC locations over the past year that their records were viewed inappropriately by a UPMC McKeesport employee who was not involved in their care.

The employee has been terminated, and local and federal authorities have been alerted. Additionally, UPMC has notified the U.S. Department of Health and Human Services as required by the federal Health Insurance Portability and Accountability Act (HIPAA). UPMC is providing additional employee training and continuing its own review with the aim of enhancing its privacy policies and procedures.

“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” said John Houston, UPMC’s vice president of privacy and information security. “Fortunately, one of our employees who became aware of the inappropriate activity alerted hospital management in early November, and we were able to track and stop this improper behavior. UPMC is committed to meeting our patients’ privacy expectations. We will continue to make significant investments in employee training and the best available tools for managing the use of our patients’ electronic records. However, there is no fail-safe system, and we ultimately depend on the integrity, vigilance and honesty of all of our employees.”

As a result of UPMC’s internal investigation, it was determined that the now former employee accessed patient medical records — including patients’ names, dates of birth, contact information, treatment and diagnosis information, and Social Security numbers — without a valid reason to do so, a violation of HIPAA. “The former employee reported to UPMC that she did not store this information or use it for financial gain,” said Mr. Houston. “But out of an abundance of caution, we deemed it appropriate to inform our patients. We suggest that everyone take steps, including credit monitoring, to protect his or her identity.”

UPMC is sending letters to patients whose information may have been viewed inappropriately in this incident. Patients who have any questions or concerns can contact the UPMC Office of Patient and Consumer Privacy at 412-647-6286 or check UPMC.com for additional privacy resources.

No related posts.

Category: Uncategorized

Post navigation

← Maricopa Community Colleges notifies 2.5M after data security breach (update 6)
LabMD v. FTC update →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.