Mass General Brigham has terminated two employees for allowing another individual to perform their duties, resulting in a breach of some patients' protected health information.
On April 4, Somerville, Mass.-based Mass General Brigham found out that some patients' personal information might have been seen by an unauthorized person. This prompted the health system to launch an investigation into the matter.
On May 28, Mass General finished its investigation and found out that two employees may have let someone else do part of their jobs and see patient information between Feb. 26 and April 4, according to a HIPAA notice posted on the health system's website.
Right after Mass General discovered the issue, the two employees were immediately fired.
The information that might have been accessed by this user includes names, addresses, medical record numbers, birthdates, email addresses, phone numbers, health insurance policy numbers, Social Security numbers and credit card numbers. It also includes details about visits or stays at Mass General facilities, such as dates, types, locations, reasons for visits and diagnoses. In response to the incident, Mass General said it is improving its security measures, including better training for employees and upgrading its security alert system.
Additionally, the health system is offering 24 months of free credit monitoring and other services through IDX to those affected.