UMass Memorial Medical Center, in Worcester, Mass., is notifying about 2,400 patients treated over a dozen years after learning an employee may have opened commercial accounts using data from four patients.

The hospital is not saying that fraud is involved, but believes the employee may have accessed the names, addresses, dates of birth and Social Security numbers of four patients outside of normal job duties, according to a statement. “The information may have been used to open commercial accounts, such as credit card and cell phone accounts.”

An investigation revealed that the employee during employment accessed information on about 2,400 additional patients although no there is no indication the data was misused. “If any access to patient information occurred outside of normal job duties, it would have been during the former employee’s tenure from May 2002 to March 2014,” according to the hospital statement.

(See also: Status Check on Medical ID Theft: Going Up)

The investigation with law enforcement continues. The university is presently not at liberty to disclose how it learned of the impermissible access to information, but a spokesperson says there is no known access outside of normal job duties until 2011.

UMass Memorial is offering one year of free credit monitoring and identity theft protection services from Experian to all 2,400 potentially affected patients. The hospital has contracted with breach notification services firm Immersion Ltd. of Claysburg, Pa., to handle mailings and a call center, and asks patients who are aware of misuse of their information to open commercial accounts to contact the call center.


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access