Unencrypted email implicated in Geisinger patient data breach

Even Geisinger Health System, which has touted its sophisticated EHR, is not immune to patient privacy breaches. 

In letters that went out to more than 2,900 patients, Geisinger Health System notified patients that protected health information (PHI) was improperly disclosed when a former Geisinger Wyoming Valley Medical Center gastroenterologist emailed PHI to his home email account without first encrypting it, according to a Geisinger press release.
 
The information included patient names, Geisinger medical record numbers, procedures, indications and physician's notes on the care provided. The PHI did not include any financial information that would make the patients vulnerable to identity theft, according to Geisinger.

After someone at Geisinger spoke with the physician, who The Daily Review identified as gastroenterologist Dr. David C. Shaefer, he authorized his email provider to delete the PHI from its network and servers, according to Geisinger Privacy Officer John Gildersleeve. Shaefer also deleted the information from his home computer. Gildersleeve said it was unlikely the PHI was seen by anyone other than the physician.

Schaefer no longer works at Geisinger, The Daily Review reports. And Geisinger would not comment on his departure.

To learn more:
- read the Geisinger press release
- here's The Daily Review's story

Suggested Articles

The profit margins and management of Community Health Group raise questions about oversight of managed care insurers.

Financial experts are warning practices about the pitfalls of promoting medical credit cards to their patients.

A proposed rule issued by HHS on Tuesday would expand short-term coverage, a move Seema Verma said will have "virtually no impact" on ACA premiums.