Unencrypted email implicated in Geisinger patient data breach

Even Geisinger Health System, which has touted its sophisticated EHR, is not immune to patient privacy breaches. 

In letters that went out to more than 2,900 patients, Geisinger Health System notified patients that protected health information (PHI) was improperly disclosed when a former Geisinger Wyoming Valley Medical Center gastroenterologist emailed PHI to his home email account without first encrypting it, according to a Geisinger press release.
The information included patient names, Geisinger medical record numbers, procedures, indications and physician's notes on the care provided. The PHI did not include any financial information that would make the patients vulnerable to identity theft, according to Geisinger.

After someone at Geisinger spoke with the physician, who The Daily Review identified as gastroenterologist Dr. David C. Shaefer, he authorized his email provider to delete the PHI from its network and servers, according to Geisinger Privacy Officer John Gildersleeve. Shaefer also deleted the information from his home computer. Gildersleeve said it was unlikely the PHI was seen by anyone other than the physician.

Schaefer no longer works at Geisinger, The Daily Review reports. And Geisinger would not comment on his departure.

To learn more:
- read the Geisinger press release
- here's The Daily Review's story