On July 10, 2024, a patient contacted Baystate Health’s Patient Relations Department to report concerns about unauthorized access to their medical record and Social Security number by an employee. This prompt report led the organization to escalate the issue to the Baystate Compliance and Privacy Office for an immediate review. In response, Baystate Health launched an investigation that included a thorough audit of the patient’s medical record and interviews with the employee involved to understand the extent of the incident.
The investigation revealed that on January 2, 2024, an employee accessed the registration system without a legitimate business reason. This unauthorized access allowed the employee to view sensitive information, including the patient’s name, address, date of birth, Social Security number, and phone number. The breach of privacy highlighted significant concerns regarding the handling and protection of personal data within the healthcare system.
In light of the findings, Baystate Health took corrective action against the employee involved in the unauthorized access. The organization aimed to reassure the affected patient by offering a complimentary two-year membership to Experian’s IdentityWorks Credit 3B, a service designed to help detect potential misuse of personal information and provide identity protection support. This offer underscores Baystate Health’s commitment to addressing privacy violations and supporting affected individuals.
Although there is no evidence of any misuse of the patient’s Social Security number, Baystate Health is taking these concerns seriously and emphasizes the importance of protecting patient information. The organization has provided instructions to the patient on how to activate the complimentary membership with Experian. This incident serves as a reminder for healthcare providers to maintain robust privacy protocols and continuously assess their security measures to safeguard sensitive patient data.
Reference: