The New York State Attorney General’s Office has announced a settlement with the University of Rochester Medical Center after a privacy breach reported earlier this year.
It is in response to an incident last spring, when officials at URMC said that a nurse practitioner there shared a list containing patient information with a local neurology practice. She had already planned to leave URMC for that other practice.
According to Attorney General Eric Schneiderman, the settlement requires the medical center to train its workforce on policies and procedures related to protected patient health information, notify the Attorney General of future breaches, and pay a $15,000 penalty.
In the settlement, it was noted that URMC had fired the nurse practitioner when it learned of the breach, sent a letter to about 3400 affected patients and received assurances from the other neurology practice that all of the health data had been returned or deleted.
David Kirshner is Senior Vice President and Chief Financial Officer at the medical center. He says the discussion with the attorney general's office has been a good opportunity to reinforce to all of the employees how important patient privacy is.
He says patients who come through the medical center should be confident URMC is doing as much as possible to protect the privacy of their information.
"I think everyone knows this is a challenging world but the investment that the university is making here in making sure that incidents around breaches and privacy and security of data are at the top of our list," Kirshner told WXXI News.
He says URMC is particularly focusing on how it will deal with employees who are leaving the organization when it comes to protecting private data.
