6,200 Patient Records Illegally Accessed by Hospital Employee

by | Jan 28, 2017

Covenant HealthCare has advised more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its staff members.

The improper access was identified during a November 2016 review of EMR access logs. The audit revealed an unusual pattern of medical record access by a member of staff. Covenant HealthCare immediately ordered a full investigation into ePHI access by the employee to determine which medical records had been accessed and whether there was any legitimate reason for those records to have been accessed.

The review showed that the Covenant HealthCare employee first began improperly accessing its electronic medical record system on February 1, 2016. The improper access went on for nine months until November 21, 2016 and involved 6,197 patients. A range of data were possibly viewed including patient’s names, dates of birth, home addresses, health insurance information, diagnostic and treatment information, medical record numbers, Social Security numbers and driver’s license details.

Covenant HealthCare spokesperson Kristin Knoll revealed in a statement that an investigation into the HIPAA breach was immediately initiated and resulted in sacking of the employee. Knoll also confirmed that the breach has been filed to all appropriate agencies.

Affected patients have now been warned of the breach by mail, although the delay in issuing notifications was because Covenant required two months to complete its review.

No reports of misuse of patients’ information have been sumitted to date by Covenant HealthCare. All patients who have had their Social Security numbers accessed will be offered free credit monitoring and protection services to minimize risk.

To avoid future breaches like this, Covenant HealthCare has increased ongoing training on patient privacy. Audits of ePHI access logs will also be carried out more often to ensure that any future inappropriate access is identified quickly.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy