Phoenixville Hospital Provides Notice of Data Privacy Incident

Data SecurityImage via Pixabay

PHOENIXVILLE, PA — Phoenixville Hospital announced that it is notifying individuals whose personal health information was involved in an incident of unauthorized access.

What happened?

Phoenixville Hospital routinely monitors workforce members’ access to the electronic medical records maintained for the hospital’s patients. During a recent review, it was discovered that one of the hospital’s employed workforce members accessed the electronic medical records of a patient on May 1, 2022, without an apparent business reason. Upon investigation, on May 12, 2022, the hospital discovered this employee had accessed and viewed additional Phoenixville Hospital patient electronic medical records between October 2021 and May 1, 2022, without a legitimate business need related to the employee’s job duties.

What information was involved?

The information that may have been accessed and viewed without authorization by this employee contained the following data elements: name, address, date of birth, date of encounter, diagnoses, vital signs, medications, test results, and provider notes. In a few instances, a partial Social Security number (last 4 digits), and medical insurance company name and identification numbers were viewed.

How will individuals know if they are affected by this event?

Notices were mailed to the affected patients or their personal representatives on July 8, 2022. Those concerned about the incident who did not receive a letter but would like to know if their information was affected, may call toll-free at (855) 516-3851, Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. This number will be in operation between July 8, 2022, and September 6, 2022.

What can affected individuals do?

Even though no complete Social Security numbers or other sensitive financial account information was accessed for most of the affected patients, it is recommended that individuals keep a close watch on their bank statements, credit card statements, personal mail and other bills and financial statements for any suspicious or unauthorized activity. Individuals should report any unauthorized activity to their bank or credit card companies. Complimentary credit monitoring is being offered to the few individuals whose partial Social Security number and medical insurance information was accessed.

What is Phoenixville Hospital doing?

Phoenixville Hospital takes its responsibility to safeguard personal and protected health information very seriously. The employee was immediately suspended and was subsequently terminated. Phoenixville Hospital has provided additional training to members of its workforce regarding the appropriate access of patient information. The hospital continues to provide ongoing mandatory HIPAA/privacy training to its workforce members regarding appropriate access, use, and disclosure of protected health information. The hospital is currently investigating potential improvements to its privacy monitoring tools and processes.

Who should individuals contact for more information?

If individuals have questions or would like additional information, they may call toll-free at (855) 516-3851, Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. This number will be in operation between July 8, 2022, and September 6, 2022.

For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News.