A Catholic health system based in Vancouver, WA PeaceHealth, has revealed discovered that a former member of staff had accessed the medical history of almost 2,000 patients without any an adequate work reason.
The unauthorized and inappropriate access was found by PeaceHealth on August 9, 2017, leading to an investigation. PeaceHealth say that the unauthorized access started in November 2011 and went on until July 2017.
The internal investigation found that Social Security numbers and financial information were not accessed by the former member of staff, although patient names, medical record numbers, admission and discharge dates, medical diagnoses, and progress notes were all accessed.
PeaceHealth does not think any patients impacted by the violation are at risk of identity theft, due to the type of information that was accessed. However, all impacted patients have been told to remain cautious and review their credit reports and account statements for any sign of fraudulent actions.
Patients impacted by the violation had been treated at either the PeaceHealth St. Joseph Medical Center or its Southwest Medical Center between November 2011 and July 2017. All individuals affected by the incident have now been advised about the privacy breach by mail.
PeaceHealth issued an official statement which read, “Patient privacy is among our highest priorities, and we take this [incident] very seriously.” The employee is no longer a member of staff at PeaceHealth.
PeaceHealth already spends fund annually on technology to prevent data breaches, follows industry best practices for monitoring and safeguarding PHI, and provides on going training to staff on privacy and security. The incident has prompted PeaceHealth to reinforce education of its staff win relation to appropriate accessing of PHI.
The Department of Health and Human Services’ Office for Civil Rights has been made aware of the incident. The breach report shows the PHI of 1,969 patients was improperly seen buy the former member of staff.