Doctor’s unauthorized data sharing causes a breach at TriHealth
Last June, a former physician shared patient data from TriHealth a five-hospital delivery system in Cincinnati, with a student as part of a possible research project.
However, the sharing of data with the student was not permissible because the student was not a TriHealth-approved workforce member and was not authorized to view the data. The organization became aware of the occurrence and now is handling a data breach that affects 2,433 patients who are now being notified that their protected health information was compromised.
Information shared with the student included first and last names of patients, dates of birth, ZIP codes, ethnicity, life status (deceased or alive) and cancer diagnosis information.
“No data was shared that would necessitate us to provide identity theft protection services for patients,” a spokesperson notes.
Social Security numbers, addresses, insurance and financial information were not shared, and TriHealth is not aware of any further access, disclosure or use of patient information. TriHealth is recommending that affected patients read their insurance statement and bills to ensure accuracy of their information.
“TriHealth team members are educated to privacy policies when they are hired and provided with annual re-education,” the organization told affected patients in a notification letter. “Employees are held accountable to
TriHealth policies and violation results in corrective action up to and including discharge from employment. This process was followed for the above matter.”