Paul J. Gough reports that an employee of UPMC St. Margaret was fired after they sent a record to an unidentified outside organization that contained patient information. A march 5th statement on UPMC’s web site reveals that on August 8, 2020, UPMC first became aware of the inappropriate disclosure of a medication administration account to an outside organisation without a business demand for the protected health information. Through the investigation, UPMC determined that names, internal UPMC identification numbers and medication administration data may have been inappropriately disclosed. Medication establishment data may include the drug name, dosage, time/date of administration, and reason for administration. please live assured that neither social Security Numbers nor medical records were inappropriately accessed/disclosed. UPMC terminated the employee’s access to UPMC systems and terminated the employee’s employment with UPMC. federal authorities were also notified. On march 5, 2021 UPMC began mailing letters to affected patients. Their statement does not explain why the delay in notification from discovery. Did law enforcement bespeak the delay? Is there any criminal investigation ongoing? DataBreaches.net sent an enquiry to UPMC this morning, but has received no reply by publication time. This post will live updated if and when an explanation for the wait is received. The incident does not appear on HHS’s public transgress tool, and UPMC’s argument does not designate whether there were more than 500 patients or fewer than 500 patients involved.