Physician Law Blog

Hershey Medical Center announced that it will notify 1,801 patients of a data breach. This privacy breach arose out of an employee’s action, which involved taking data home on a removable storage device to work on a personal computer at home after hours. The employee then used his personal email to send updated data to doctors at the medical center. Because the employee worked with the data on devices and systems without the safeguards and controls of the workplace, the medical center could not rule out the possibility of unauthorized access of the information. While Hershey Medical Center did not believe an unauthorized person accessed the information, it felt it needed to notify the patients.