Montefiore Medical Center is notifying patients of a recent security breach that involved illegal access to HIPAA Protected Health Information (PHI) by a former employee.

The New York health system announced an employee (who has since been fired) inappropriately accessed electronic Protected Health Information (ePHI), including test results, diagnoses, visit histories along with identifiable patient information which may have included social security and medical record numbers.

Montefiore says it will provide identity theft protection services at no cost to patients affected by this breach, including a year of credit monitoring, a $1,000,000 insurance reimbursement policy, and access to fraud resolution representatives.

Insider snooping by employees and staff has been a major security concern for hospitals, health systems and health care providers. Be diligent and audit user accounts for systems and applications containing ePHI, or enlist your IT department for security monitoring tools.

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!