Codman Square Health Center which is based in Massachusetts suffered data breach recently. It is notifying patients about the incident which exposed some of their information due to unauthorized HIE access. 
“Codman Square Health Center is a community-based, outpatient health care and multi-service centre which opened the facility in 1979. The facility started with two-physician staff. Today, a staff of 280 multi-lingual and multi-cultural expert clinicians, medical staff and employees, most of whom reside in the neighborhoods surrounding Codman Square take care of 115,000 client contacts each year. It also has developed an astounding depth and breadth of community programs, as well as strong partnerships with other organizations.”
On July 13, 2016 facility mentioned that an employee had accessed the New England Healthcare Exchange Network (NEHEN) without authorization. It also mentioned that the conduct of the employee was against Codman policies. As per the OCR data breach reporting tool, 3,840 individuals were affected.
Facility website mentioned that some access information may have included that of non-Codman patients.
Affected information included names, addresses, dates of birth, gender, medical services payer information, and medical insurance coverage information. Social Security numbers may have been included in some cases. Codman said that there is no indication that the information was misused.
Facility will send notification via mail. Only those individuals will receive a letter who were affected by the data security incident.
“Those Codman patients who do not receive a letter have not been affected,” Codman explained.
“For affected individuals who are not Codman patients, those directly affected will be notified by mail if contact information is provided. The health center has suspended or terminated all employees involved in the incident. Codman Square has also retrained all employees.”
____________________________________________________________________________________________
Alertsec is used by organizations that have recognized the need to protect their information.