Mississippi's Merit Health notifies patients of data breach

The 12-hospital Merit Health system is notifying hundreds of its current and former patients that their protected health information has been compromised after discovering an employee was involved in identity theft.

Merit, based in Jackson, Mississippi, only learned of the breach after local law enforcement notified them that one of their employees at Merit Health Northwest Mississippi was under investigation for identity theft, according to a statement. The employee was allegedly swiping patient files for more than a year undetected, from February 2013 through June 2015. Law enforcement notified the hospital July 1, 2015.

[Also: Massachusetts HIPAA fine shows the financial risk in healthcare breaches ]

The employee, who was eventually suspended and barred access to the building and IT systems, swiped records containing patient names, Social Security numbers, medical diagnoses data, health plan data and also payment information.

The hospital "sincerely regrets this happened," read an online notice.

The hospital did not respond to questions around how many individuals were impacted by the breach, what type of employee had access to these files and what the organization is  doing to prevent something like this from happening in the future, from access management to education and new policies. A local news agency, however, is reporting that 810 patients are being notified of the breach. 

This first appeared on Healthcare IT News. It has been edited.

Twitter: @HFNewsTweet