Penn Medicine officials said Tuesday that a former medical assistant at the hospital system had accessed patient records improperly and allegedly “misused” one patient’s information.
Lauren Steinfeld, Penn Medicine’s chief privacy officer, said in a statement that the assistant was a contract employee, hired through a staffing agency, and worked at Penn from February through late April. She did not provide the name of the employee, or the name of the person’s department.
On April 29, Penn learned that the employee had accessed patient records “without a work-related reason,” Steinfeld said.
“The information accessed may have included demographic and clinical information and in some cases, may have included Social Security numbers,” Steinfeld said.
Steinfeld said she was aware of one patient whose information was “misused," but did not specify how the information had been used. Still, the employee had contact with about 900 patients’ records while employed at Penn Medicine, and the hospital system has contacted all of the patients about the breach, Steinfeld said.
The hospital system has also notified law enforcement agencies, she said. Any patients with questions can call 1-833-389-2401.