UPMC apologizes for posting private patient information

The University of Pittsburgh Medical Center was trying to figure out how private information for about 80 patients, including names and Social Security numbers and even radiology images of their bodies, wound up on the Internet.
The information was first put on the Web inadvertently in 2005 then taken down. The information from a medical symposium held in 2002 was posted on an area of the Web site where the health system’s faculty members are encouraged to share their work and other data, UPMC said in a statement Thursday.
Once the health network discovered patient names and other information were included, it was removed, but somehow it was posted again and remained on the Web site until UPMC was notified again on Tuesday, said Robert Cindrich, a former federal judge who now serves as UPMC’s chief attorney.
UPMC was notifying the patients affected and offering to pay for credit protection services, just in case the information might have been used by identity thieves. No financial information about patients was posted, nor were patient addresses or other contact information.
{It’s impossible to feel certain that electronic medical records will ever be secure when humans are involved. The University of Pittsburgh Medical Center re-posted 80 sensitive medical records on the Internet. The University didn’t explain why this happened, who was responsible, or the remedies they put in place to ensure that mistakes like this won’t happen again. ~ Dr. Deborah Peel, Patient Privacy Rights}

Leave a Reply

Your email address will not be published. Required fields are marked *