The Baltimore Sun reports that Baltimore police are investigating a security breach at Mercy Medical Center that left certain patient records open to possible identity theft. According to the article, affected former patients were sent a letter informing them that their personal patient records may have been accessed by a former employee in order to apply for credit cards and loans. A Maryland state law that became effective in 2008 would require Mercy Medical Center to notify these individuals promptly in the event of such a breach. 

This case is yet another example of personal information being accessed for improper purposes by hospital staff and demonstrates the need for hospitals to establish strict privacy controls and notification procedures.