Hospital’s EHR company sees HIPAA breach
March 18, 2013 in Medical Technology
This story has been updated.
Lawrence Melrose Medical Electronic Record Inc., in Melrose, Mass. will notify the Office for Civil Rights of a data breach after an employee improperly accessed the electronic medical records of some 200 patients across six different medical practices.
LMMER was organized by Hallmark Health System, located in the greater Boston area.
[See also: IRS faces class action lawsuit over theft of 60 million medical records.]
According to Rick Pozniak, system director of marketing, communications and public affairs, Hallmark Health System, the employee who accessed these patient records without proper authorization has since had their employment terminated.
Patient information compromised includes patient names, Social Security numbers, health insurance data and clinical information. “Both the physician’s practice and HHS deeply regret and apologize for any concern or inconvenience this situation may cause the patients,” said Pozniak in an emailed statement. “We are in the process of reviewing the privacy and security of our electronic medical records system and making improvements to the security safeguards we currently employ.”
Letters were mailed to patients affected on or around March 14.
[See also: OCR director talks HIPAA survival.][See also: OCR director talks HIPAA survival.]
The six practices include: Canan Avunduk, MD; Maury Goldman, MD; Hallmark Health Medical Associates; Main Street Family Practice; John Mudrock, MD; and Womens Healthcare Associates.
Credit monitoring services will be provided to patients affected by the breach.
Some 65,000 breach reports have been filed with the OCR since 2009, with $50 million being collected from enforcement activity.