Pittsburgh-based UPMC St. Margaret began notifying patients March 5 that their protected health information had been exposed by a former hospital employee who wrongfully shared medication administration data with an outside organization.
UPMC said it became aware of the breach on Aug. 8. The health system discovered that a former employee had sent a medication administration report to an outside organization without a business need.
UPMC terminated the employee's access to its information systems and said the individual is no longer affiliated with the health system, according to UPMC's March 5 statement.
Patient information exposed included names, internal UPMC identification numbers and medication administration data, which may include drug names, dosages and reasons for administration. The health system said no Social Security numbers or medical records were inappropriately accessed or disclosed.