Geisinger Health System said Monday nearly 3,000 of its patients received notices informing them that some of their Protected Health Information was disclosed in an unauthorized manner.

On November 6, the Danville, Penn.-based health system discovered that a former gastroenterologist working at the Geisinger Wyoming Medical Center e-mailed some PHI from his work computer to his home e-mail account "in an un-encrypted manner" to complete an analysis of his procedures at home, according to the release.

The information included patient names, medical record numbers and indications about the provided care. However, social security numbers, addresses or financial information that can put patients at risk for identify theft were not disclosed.

"Immediately upon speaking with the physician, he contacted and authorized his home e-mail provider to delete the protected health information from its network and servers," John Gildersleeve, Geisinger privacy officer, said in prepared remarks. "He also deleted this information from his home computer."

Affected patients were notified as part of the health system's health information security program and due to provisions in the Health Information Technology for Economic and Clinical Health Act of 2009.

"We have reviewed our internal practices and taken appropriate action to avoid recurrence," said Gildersleeve. "With the short time frame and the doctor's forthright explanation, we believe there is little risk that the protected health information was seen by anyone other than the physician himself. We take our commitment to maintaining our patients' privacy seriously and regret any inconvenience this inadvertent disclosure may have caused."

More Industry Headlines