The University of Connecticut Health Center has notified some 1,400 patients of a healthcare data breach after discovering in January that a former employee had accessed patient records inappropriately.
According to a patient notice
on the health center's website, information accessed included names, addresses, dates of birth, Social Security numbers and clinical data.
“We sincerely regret the inconvenience and concern this may cause our patients," said Iris Mauriello, privacy officer at the health center, in a statement. "The actions of one person do not define the integrity of our entire workforce and all of our collective efforts to ensure the privacy of health records. Our patients rely on each of us to ensure safe and responsible use of the information with which we have been entrusted. We take that very seriously."
Individual notifications and instructions to sign up for a free two-year credit monitoring service were sent March 8 to the 1,400 patients affected by the breach.
Since the August 2009 Breach Notification Rule which requires that HIPAA-covered entities report a breach involving the personal health information of more than 500 individuals to the Office for Civil Rights, Connecticut has seen nine data breaches affecting more than 173,000 patients.
Speaking on the HIPAA final rule at the 2013 HIMSS
Annual Conference & Exhibition, OCR Director Leon Rodriguez
told hundreds of HIMSS13 attendees that some 65,000 breach reports have been filed with the OCR since 2009. "We are now at a point where we have collected a total of over $15 million from our enforcement activity,” said Rodriguez. With business associates now accountable in complying with the HIPAA Security Rule, Rodriguez expects that number to increase significantly.