Three years after a former nurse practitioner at the University of Rochester (N.Y.) Medical Center stole patient information and shared it with her new employer, the New York State Education Department Office of the Professions suspended her license, Democrat & Chronicle reports.
Martha Smith-Lightfoot was suspended for 12 months, effective April 10. She has also been ordered 12 months stayed suspension and two years probation upon her return to practice.
Around April 15, 2015, Ms. Smith-Lightfoot shared spreadsheets containing personally identifiable information of about 3,000 patients to another health provider, according to a consent order she signed in November 2017. The breach resulted in URMC being fined $15,000.
URMC learned of the breach only after patients told the hospital they'd received letters from Greater Rochester Neurology, Ms. Smith-Lightfoot's new employer. Ms. Smith-Lightfoot said she planned to use the spreadsheets to ensure continuity of care for her URMC patients, but she was not given permission by URMC or the patients to share the information.
A Greater Rochester Neurology staff member told Democrat & Chronicle Ms. Smith-Lightfoot hasn't worked at the clinic for some time and an attempt to reach Ms. Smith-Lightfoot was unsuccessful, the report states.
In December 2015, the New York attorney general levied the fine against URMC, at which time the Education Department declined to confirm or deny whether it was investigating Ms. Smith-Lightfoot.
More articles on cybersecurity:
Former IBM security exec joins Protenus as CFO: 3 things to know
Congressional leaders to HHS: It's unclear if troubled cybersecurity center 'still exists'
Cybersecurity problems plague healthcare M&A: 7 report insights