• E-mail
• Print
• RSS

UPMC under fire, again

HIPAA Weekly Advisor, June 4, 2007

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The University of Pittsburgh Medical Center (UPMC) is facing public outcry after a donor pitch letter exposed former patients' Social Security numbers (SSN). The letter, which mailed to approximately 6,000 former patients earlier this month, included a tracking code that integrated the SSN, reports the Pittsburgh Post-Gazette. The code was visible through the envelope window.

The inclusion of the SSN was a serious mistake, and could expose the 6,000 recipients to identity theft. UPMC denies that there is any major risk, but still sent out a letter to the potential donors offering credit monitoring for one year.

Click here to read the Pittsburgh Post-Gazette article.

Last month, UPMC was under fire for posting 80 patients' information online. A now ex-faculty member posted a presentation on integrating multimedia into medical records. The presentation included images that displayed patient names and medical record numbers (which are often SSNs). UMPC removed the presentation from the site, but when the medical center replaced its server, it accidentally reposted the presentation including the patient information to the Web site. Officials then re-removed the information, and sent letters to affected patients letting them know what had happened. UPMC offered to pay for a year of credit monitoring to those patients, as well.

Click here to read more on the breach and see a de-identified screen shot.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive