THH Paediatrics Fires Nurse for Accessing Data of 16,500 Patients without Authorization

Takai, Hoover & Hsu has terminated a nurse for accessing the protected health information (PHI) of 16,542 patients without authorization.

The healthcare provider, owned by Takai, Hoover & Hsu and based in Germantown, MD, has stated that the information may have been passed on to a third party and used for fraud and other criminal activities.

On April 10, 2019, Takai, Hoover & Hsu, P.A. was notified by county and state police that an individual had been arrested as part of an investigation in a matter unrelated to THH.

The arrested individual was then linked to an employee of THH whom law enforcement suspected of accessing and impermissibly disclosing patient information including names, dates of birth, Social Security numbers, and addresses of the parents of patients.

THH immediately launched an internal investigation to determine whether the individual had illegally accessed the patient data. THH placed the employee on leave on April 16 pending the outcome of the internal and law enforcement investigations.

THH has limited the amount of access its employees have to patient data following the incident.

No formal charges have been brought against the employee as there is insufficient evidence at this stage in the investigation; no definitive proof has been found to suggest that any patient information was taken and misused.

Following their investigation, THH fired the nurse on May 3, 2019, after receiving further information from law enforcement. The matter has also been reported to the Maryland Board of Nursing.

THH has hired a third-party cybersecurity firm to conduct a detailed investigation of its computer systems to determine what, if any, protected health information has been accessed and whether information was copied.

Following HIPAA’s Breach Notification Rule, letters were sent to the parents of patients on May 28. In the letter, THH states: “As outlined above, THH has taken and will continue to take steps to safeguard and prevent any data breach of its patients’ personal and protected health information.  THH is fully committed to continuing our tradition of high-quality patient care, including the preservation of the confidentiality and security of its patients’ personal and protected health information.”