Phoenixville Hospital Provides Notice of Data Privacy Incident
Phoenixville Hospital Provides Notice of Data Privacy Incident
Phoenixville Hospital is notifying individuals whose personal health information was involved in an
incident of unauthorized access.
What happened?
Phoenixville Hospital routinely monitors workforce members’ access to the electronic medical records
maintained for the hospital’s patients. During a recent review, it was discovered that one of the hospital’s
employed workforce members accessed the electronic medical records of a patient on May 1, 2022,
without an apparent business reason. Upon investigation, on May 12, 2022, the hospital discovered this
employee had accessed and viewed additional Phoenixville Hospital patient electronic medical records
between October 2021 and May 1, 2022, without a legitimate business need related to the employee’s job
duties.
What information was involved?
The information that may have been accessed and viewed without authorization by this employee
contained the following data elements: name, address, date of birth, date of encounter, diagnoses, vital
signs, medications, test results, and provider notes. In a few instances, a partial Social Security number
(last 4 digits), and medical insurance company name and identification numbers were viewed.
How will individuals know if they are affected by this event?
Notices were mailed to the affected patients or their personal representatives on July 8, 2022. Those
concerned about the incident who did not receive a letter but would like to know if their information was
affected, may call toll-free at (855) 516-3851, Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern
Time, excluding major U.S. holidays. This number will be in operation between July 8, 2022, and
September 6, 2022.
What can affected individuals do?
Even though no complete Social Security numbers or other sensitive financial account information was
accessed for most of the affected patients, it is recommended that individuals keep a close watch on their
bank statements, credit card statements, personal mail and other bills and financial statements for any
suspicious or unauthorized activity. Individuals should report any unauthorized activity to their bank or
credit card companies. Complimentary credit monitoring is being offered to the few individuals whose
partial Social Security number and medical insurance information was accessed.
What we are doing.
Phoenixville Hospital takes its responsibility to safeguard personal and protected health information very
seriously. The employee was immediately suspended and was subsequently terminated. Phoenixville
Hospital has provided additional training to members of its workforce regarding the appropriate access of
patient information. The hospital continues to provide ongoing mandatory HIPAA/privacy training to its
workforce members regarding appropriate access, use, and disclosure of protected health information.
The hospital is currently investigating potential improvements to its privacy monitoring tools and
processes.
Whom should individuals contact for more information?
If individuals have questions or would like additional information, they may call toll-free at (855) 516-3851,
Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. This
number will be in operation between July 8, 2022, and September 6, 2022.
Phoenixville Hospital is notifying individuals whose personal health information was involved in an
incident of unauthorized access.
What happened?
Phoenixville Hospital routinely monitors workforce members’ access to the electronic medical records
maintained for the hospital’s patients. During a recent review, it was discovered that one of the hospital’s
employed workforce members accessed the electronic medical records of a patient on May 1, 2022,
without an apparent business reason. Upon investigation, on May 12, 2022, the hospital discovered this
employee had accessed and viewed additional Phoenixville Hospital patient electronic medical records
between October 2021 and May 1, 2022, without a legitimate business need related to the employee’s job
duties.
What information was involved?
The information that may have been accessed and viewed without authorization by this employee
contained the following data elements: name, address, date of birth, date of encounter, diagnoses, vital
signs, medications, test results, and provider notes. In a few instances, a partial Social Security number
(last 4 digits), and medical insurance company name and identification numbers were viewed.
How will individuals know if they are affected by this event?
Notices were mailed to the affected patients or their personal representatives on July 8, 2022. Those
concerned about the incident who did not receive a letter but would like to know if their information was
affected, may call toll-free at (855) 516-3851, Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern
Time, excluding major U.S. holidays. This number will be in operation between July 8, 2022, and
September 6, 2022.
What can affected individuals do?
Even though no complete Social Security numbers or other sensitive financial account information was
accessed for most of the affected patients, it is recommended that individuals keep a close watch on their
bank statements, credit card statements, personal mail and other bills and financial statements for any
suspicious or unauthorized activity. Individuals should report any unauthorized activity to their bank or
credit card companies. Complimentary credit monitoring is being offered to the few individuals whose
partial Social Security number and medical insurance information was accessed.
What we are doing.
Phoenixville Hospital takes its responsibility to safeguard personal and protected health information very
seriously. The employee was immediately suspended and was subsequently terminated. Phoenixville
Hospital has provided additional training to members of its workforce regarding the appropriate access of
patient information. The hospital continues to provide ongoing mandatory HIPAA/privacy training to its
workforce members regarding appropriate access, use, and disclosure of protected health information.
The hospital is currently investigating potential improvements to its privacy monitoring tools and
processes.
Whom should individuals contact for more information?
If individuals have questions or would like additional information, they may call toll-free at (855) 516-3851,
Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. This
number will be in operation between July 8, 2022, and September 6, 2022.
