Authorities confirmed that the information of 32 patients treated in Atlanta-based Emory Healthcare was in the hands of an identity thief, CMIO reports. Based on reports from Duluth, Georgia, authorities, the individual pled guilty to an identity theft
scheme that involved filing fraudulent tax returns. Names, dates of birth and social numbers were found in possession of the individual, but Emory healthcare indicates it's unlikely any of the patients were financially affected. In an investigation of its healthcare system, Emory discovered that an in-house employee printed five documents in possession of the individual. The health clinic mailed out a breach of security letter warning more than 7,300 patients who may have visited the center during the time of the scheme. Emory believes there was no intent by the in-house employee to purposely put patients' information at risk, but notes that negligence was certainly displayed by the employee. "This issue is in no way a breach of Emory’s EMR system, but rather a human failure to properly follow Emory Healthcare’s prescribed duties and responsibilities for protecting private patient information," the letter stated. "Our more than 14,000 employees, faculty and staff are briefed regularly upon hire and throughout employment on the importance of safeguarding sensitive information - and the severe consequences for failure to properly adhere to these principles."