U. of Miami discloses patient records breach

The University of Miami Health System has begun notifying patients that their personal information may have been accessed and sold to outside parties by two employees under investigation who have since been fired.

A statement from the system said it was notified by law enforcement that two employees at the 525-bed University of Miami Hospital admitted to accessing patient-registration records called "face sheets." The records include names, addresses, dates of birth, insurance policy numbers and Social Security identifiers for Medicare and Medicaid patients whose insurance numbers are the same as their Social Security number.

The statement said records containing other financial or medical information were not affected. Patients who were treated between October 2010 and July 2012 at the hospital were potentially affected.

Although the hospital learned of the breaches in July, it said it waited to announce the situation until this month at the request of investigators.

Last month, a former employee in the emergency intake area of a different hospital—Florida Hospital Celebration Health—was arrested following a federal investigation into a security breach. The employee is accused of accessing 760,000 patient records with names, dates of birth, Social Security numbers and insurance information, according to news accounts. The employee in that case was accused of selling the information to someone who then provided it to chiropractors and attorneys.