N.J. volunteer EMS agency says patient data was breached
Lincoln Park First Aid Squad alleges that the state health department’s office of EMS gave the New Jersey State Police Fatal Accident Reporting System access to medical records
By Leila Merrill
TRENTON, N.J. — A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees.
The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are part of the EMS Council of New Jersey 17th and 18th Districts, inadvertently found that the state health department’s office of EMS gave the New Jersey State Police’s Fatal Accident Reporting System access to an electronic medical records system used by ambulance services throughout New Jersey. This is said to be an administrator access, which is high-level, without oversight, and includes access to medical records.
The police access to the ImageTrend electronic medical record system was revoked after the breach was reported and evidence was preserved. The system is provided by the Department of Health free of charge to many ambulance services.
Federal HIPAA rules require the EMS service to report any unauthorized access to patient records to the U.S. Department of Health and Human Services.
Lincoln Park First Aid Squad, through its attorneys at Keavney & Streger, LLC, contacted Dr. Terry Clancy, director of the Office of EMS, to get information and determine the nature and scope of the medical records accessed.
According to the news release, Clancy said there was a data-sharing agreement that pertained to opioid overdoses and has strict limits.
The Office of EMS has not responded to a request for comment.
The Squad said that it and its members were threatened with disciplinary action after pausing data sharing with the state because of privacy concerns.
The EMS agency, which provides free service, contacted Commissioner Judith Persichilli about these concerns but has not gotten a reply. So the Squad requested formal hearings in the Senate and Assembly Health Committees.
“The Squad needs to know the scope of this improper access to conduct its federally-mandated data breach investigation. But more importantly, the public has a right to know what medical records were accessed, and why, and if that access is still happening today,” said Matthew R. Streger, attorney for the Squad.