Written by Jeff Byers, October 31, 2011
The Atlanta-based Emory Healthcare was recently informed that information from 32 patients treated in the Emory Clinic section of orthopedics was found in the possession of a non-Emory-affiliated individual.
According to Duluth, GA, police investigators, the individual was involved in an identity theft scheme and has been charged and pled guilty to ID theft with the intent of filing fraudulent tax returns, according to a breach notification letter which was sent to more than 7,300 patients that may have had clinical encounters around the same time with the section of orthopedics.
The documents found included patient information sheets containing names, dates of birth and social security numbers. However, Emory Healthcare stated it has no reason to believe any of the 7,300 individuals have been impacted in any way.
Emory found through its own internal investigation that five items found in the possession of the charged individual was printed by another person, who was an employee of Emory Healthcare. Because the employee was printing this information outside the scope of specified duties, this action was deemed to place patient information at risk, and violated Emory’s standards to strictly monitor and safeguard confidential patient information.
“This issue is in no way a breach of Emory’s EMR system, but rather a human failure to properly follow Emory Healthcare’s prescribed duties and responsibilities for protecting private patient information,” the letter stated. “Our more than 14,000 employees, faculty and staff are briefed regularly upon hire and throughout employment on the importance of safeguarding sensitive information – and the severe consequences for failure to properly adhere to these principles.”
Emory stated it has also implemented additional steps to better protect the confidentiality of all patient information.