A former Penn medical assistant allegedly accessed patient records improperly and misused a patient’s information, the Philly Inquirer reported.
Penn Medicine informed nearly 900 patients with records accessible to the former employee, according to the Inquirer. Law enforcement was also notified.
Penn Medicine chief privacy officer Lauren Steinfeld said in a statement to the Philly Inquirer that Penn discovered on April 29 the medical assistant had accessed patient records “without a work-related reason." Steinfeld added that the medical assistant was a contract employee who worked at Penn from February to late April 2019.
“The information accessed may have included demographic and clinical information and, in some cases, may have included Social Security numbers,” Steinfeld said, according to the Philly Inquirer.
Steinfeld said the employee “misused” one patient’s information but did not elaborate on how it was misused, Becker's Hospital Review reported. She also omitted the employee’s name and department.
Penn Medicine added new monitoring software in May 2018 to strengthen the security of patient data and detect suspicious activity. Since then, the software has detected privacy violations that have resulted in employment terminations.
When Penn Medicine announced the addition of the new monitoring software, they said, for example, if an employee who normally does not access medication lists unexpectedly accesses the medication list of a minor patient, the Privacy Office will be sent an alert to prompt an investigation.
Steinfeld said Penn Medicine will review its use of contract employees to ensure they "meet and maintain our high professional standards.”
All comments eligible for publication in Daily Pennsylvanian, Inc. publications.