Arkansas breach due to terminated resident

By Beth Walsh Clinical Innovation + Technology Nov 27, 2012

The University of Arkansas for Medical Sciences (UAMS) is notifying approximately 1,500 patients of a medical records breach involving a resident physician who was terminated in 2010.

UAMS in Little Rock, Ark., recently discovered that a former resident kept some patient lists and notes regarding patients in violation of UAMS’ policy after leaving facility on June 3, 2010. The documents the resident kept were from January 2010 to June 2010 and contained patient names, partial addresses, medical record numbers, dates of birth, ages, locations of care, dates of service, diagnoses, medications, surgical and other procedure names, as well as lab results, according to a release. No social security, bank account or credit card numbers were included with this information.

UAMS said its HIPAA Office became aware of this incident Oct. 9 when the resident produced the documents during her lawsuit against UAMS regarding her termination from the residency program. On Nov. 7, UAMS became aware that additional documents the resident kept had been provided to UAMS attorneys June 25. The records are now protected by a court order, which prevents them from becoming a public record and will prevent anyone from further using or disclosing the documents.


______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More!