According to an article on HIPAA Journal, over a 27 month period an employee of St. Charles Health System in Oregon accessed nearly 2,500 patient records without authorization.
All it took to discover the unnamed employee had been inappropriately accessing patient records was one incident that sparked further review, occurring on January 16, 2017. The caregiver had inappropriately accessed a patient record, leading her employer to review her ePHI access logs. Upon further review of the employees activity, it was discovered that she had been inappropriately accessing patient records since October 8, 2014.
During that time, the caregiver was found to have accessed 2,459 patient files with no legitimate work reason for doing so.”
The caregiver claims that her inappropriate access of patient information was out of pure curiosity, with no harm meant by accessing the records. St. Charles Health System has stated they took ‘swift and appropriate action’, including disciplinary action, however did not provide detail of whether the female employee had been terminated.
The health system does not consider the employee’s actions were criminal in nature, and a signed affidavit was obtained in which the employee stated she had not used or shared any information with others with the purpose of committing fraud, financial crimes or any other crimes against the patients concerned.”
The incident has been reported to Department of Health and Human Services’ Office for Civil Rights as well as state regulators. The patients are also being notified by mail of their breach of privacy. In addition, free credit monitoring as well as identity theft restoration is being offered to the patients whose records were accessed during this breach.
The information accessed during the privacy breach includes patient names, dates of birth, driver’s license numbers, health insurance information, diagnoses, prescribed medications, treatment information and physicians’.
A statement about the incident was issued by Nicole Hough, vice president of compliance at St. Charles Health System, saying “We want our patients and their families and the community to really understand how sorry we are for this situation and understand we took swift action and we are taking action to ensure this doesn’t happen again.”
The post Article: Snooping St. Charles Health System Employee Accessed Almost 2,500 Patient Records appeared first on HIPAA Secure Now!.