The University of Pittsburgh Medical Center (UPMC) is recovering this week from a public relations storm which blew up when it was discovered that patient-specific information was online and freely available. The data, which included information on 80 patients, was first posted online in 2005, when a faculty member made a presentation on integrating multimedia into medical records. As part of the presentation, the now ex-faculty member had posted screen shots of the e-radiology applications to the radiology department's website, including images. These images were labeled not only with the patient names, but also medical record numbers, which are often their Social Security numbers. The presentation--with patient identification--was removed from the site, but when UPMC recently replaced its server, the information was accidentally reposted to the website. Officials then re-removed the information, and sent letters to affected patients letting them know what had happened. UPMC has offered to pay for a year of credit monitoring for patients whose data was exposed.
To get more information on the breach:
- read this Pittsburgh Post-Gazette article
ALSO: A vendor managing data for the Georgia Department of Community Health has lost personal information on 2.9 million Peach Care for Kids and Medicaid recipients. Article