PHI Breach Affects Millions of New Yorkers
New York City Health and Hospitals Corp. (HHC) reported a security breach of personal health information (PHI) that affects nearly 1.7 million people who received or provided services at affiliate hospitals and clinics. According to HHC, electronic files were stolen, Dec. 23, 2010, from a vehicle operated by GRM Information Management Services. The theft occurred while the driver made other pickups without taking the precaution to lock the unattended GRM van.
The stolen files contained PHI of patients and hospital staff, as well as vendor employees, contractors, and anyone else who received or provided services at or for Jacobi Medical Center, North Central Bronx Hospital, Tremont Health Center or Gunhill Health Center during the past 20 years.
To date, the files have not been recovered but HHC believes it is unlikely the identities of the affected individuals have been compromised. “The data in the stolen files is not readily accessible without highly specialized technical expertise and data-mining tools, and there is no evidence to indicate that the information has been accessed and misused,” HHC says in a press release.
HHC says it began mailing letters in 17 languages to affected individuals the week of Feb. 7, and has reported the incident to all appropriate state and federal oversight, regulatory, and consumer protection agencies within the 60-day federal notice requirement.