PeaceHealth: Former Employee Accessed Private Data for Over Six Years

by | Oct 6, 2017

A Catholic health system based in Vancouver, WA PeaceHealth, has revealed discovered that a former member of staff had accessed the medical history of almost 2,000 patients without any an adequate work reason.

The unauthorized and inappropriate access was found by PeaceHealth on August 9, 2017, leading to  an investigation. PeaceHealth say that the unauthorized access started in November 2011 and went on until July 2017.

The internal investigation found that Social Security numbers and financial information were not accessed by the former member of staff, although patient names, medical record numbers, admission and discharge dates, medical diagnoses, and progress notes were all accessed.

PeaceHealth does not think any patients impacted by the violation are at risk of identity theft, due to the type of information that was accessed. However, all impacted patients have been told to remain cautious and review their credit reports and account statements for any sign of fraudulent actions.

Patients impacted by the violation had been treated at either the PeaceHealth St. Joseph Medical Center or its Southwest Medical Center between November 2011 and July 2017. All individuals affected by the incident have now been advised about the privacy breach by mail.

PeaceHealth issued an official statement which read, “Patient privacy is among our highest priorities, and we take this [incident] very seriously.” The employee is no longer a member of staff at PeaceHealth.

PeaceHealth already spends fund annually on technology to prevent data breaches, follows industry best practices for monitoring and safeguarding PHI, and provides  on going training to staff on privacy and security. The incident has prompted PeaceHealth to reinforce education of its staff win relation to appropriate accessing of PHI.

The Department of Health and Human Services’ Office for Civil Rights has been made aware of the incident. The breach report shows the PHI of 1,969 patients was improperly seen buy the former member of staff.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy