Corporate Compliance

New York City Health and Hospitals Corp. privacy breach affects 1.7 million

Compliance Monitor, February 16, 2011

The New York City Health and Hospitals Corporation (HHC) must notify 1.7 million patients, hospital staff, and vendors that their personal or protected health information was stolen, according to an HHC press release.

The files were stolen from a GRM Information Management Services vehicle on December 23, 2010, when the driver left the vehicle unattended and unlocked while making other pickups. GRM notified the police, but they have not recovered the files.

The data in the stolen files is encrypted and HHC stated in the press release no evidence indicates that the information has been accessed and misused. However, HHC has taken steps to protect the affected individuals by offering free credit monitoring and fraud resolution services for one year.

HHC terminated its contract with GRM. HHC filed a lawsuit against the vendor that holds it responsible for covering all of the costs associated with notifying the affected individuals and to pay for other damages.

Most Popular