Data Information Breach

Published: January 13, 2025

UM Health-Sparrow recently notified approximately 400 patients of inappropriate access to their medical records by a former UM Health-Sparrow employee.

The UM Health-Sparrow Corporate Compliance Office regularly conducts audits of employee access to our electronic medical record systems. As a result of a recent audit, on November 20, 2025 we identified that a UM Health-Sparrow employee accessed multiple medical records without an appropriate business purpose between June 1, 2025 and November 11, 2025.

The information viewed by this employee may have included: demographic information including name and address, Social Security number, phone number, email address, date of birth, medical record number, the names of treating physicians, medical treatment and diagnosis information, lab results, medications and appointments. No financial information, credit card, debit card or bank account numbers were included in the information accessed or viewed by the employee.

We determined that this incident occurred because this employee did not follow our policies and procedures despite completing several training courses explaining the obligation to do so. This constituted a violation of our Code of Conduct and our institutional privacy policies. The employee has been disciplined in accordance with our policies and no longer has access to any of our medical record systems.

We take our responsibility to safeguard personal information very seriously and have established a comprehensive privacy compliance program to educate and train our workforce on patient privacy. We also perform several other privacy compliance activities, including auditing access to patient medical records, developing and sharing educational resources and training, conducting investigations of suspected policy violations, and maintaining a full set of privacy policies. Our policies and our privacy program emphasize to our workforce that unauthorized access to patient information is not acceptable and will result in severe disciplinary measures, up to and including termination.

We currently have no knowledge that the information was further used or disclosed for inappropriate purposes. However, we recommend that impacted patients monitor health insurance statements and explanations of benefits for any transactions related to care or services that they have not received. If you received a letter from UM Health-Sparrow regarding this incident and have additional questions, or you would like more information, you can contact our call center at 1-833-788-9712. Representatives are available Monday – Friday from 9 a.m. – 9 p.m. EST.