After a careful and detailed investigation, we have concluded an employee of SUNY Upstate Medical University accessed the records of numerous Upstate patients without a work or job-related reason. This incident occurred between the dates of November 3, 2016 and October 23, 2017 and we discovered on September 12, 2018. To the best of our knowledge, we have no reason to believe any patient’s information was printed, redirected, redisclosed, used or misused by this employee.
The information encompassed the following:
- Demographic information including name, age, address, insurer, and hospital medical record number
- The date(s) patients received care at University Hospital and the services received
- Diagnosis and other care and treatment information such as problem lists, medication lists, and visit notes.
Please be assured that social security numbers, insurance identification numbers, credit card information or other identifying information which can frequently be used for purposes of identity theft were NOT compromised. SUNY Upstate has taken the appropriate steps to notify all patients affected, the United States Secretary of the Department of Health and Human Services, and various media outlets. We have also taken action with the employee that reflects the seriousness with which we view this incident, and the employee is no longer employed by SUNY Upstate Medical University.
It is important that patients affected by this incident exercise caution and be alert to suspicious activities that could result. For example, patients could be contacted by someone who has this information and fraudulently misrepresents his or her purpose in an effort to get you to divulge additional information that could be used for purposes of identity theft.
This incident occurred despite the in-depth training provided to our employees regarding the privacy and security of patient information and the safeguards we have established to protect such information. Because of this incident, Upstate has further strengthened these safeguards by implementing procedural and operational measures to minimize the chance that such an incident could occur again and Upstate has put in place strict penalties for any breach of privacy.If you have questions regarding this incident, please do not hesitate to contact us at 888-759-8001.