Local Hospital Warns 1,000 Patient Records Wrongly Accessed
January 9, 2017
An area hospital is warning that nearly 1,000 electronic health records were accessed inappropriately.
Infirmary Management Services, Inc, which manages Atmore Community Hospital, discovered during a routine audit in November that an ACH employee accessed the electronic record of approximately 1,000 patents without an appropriate work related reason between October 3, 2015, and November 11, 2016, the company said in a statement.
“This unauthorized access constitutes a breach of patient privacy and is in violation of organizational policy. The information accessed was limited to patient names, hospital admission dates and flowsheets. This employee was authorized to access limited portions of patient records, but contrary to extensive training and specific instructions, unnecessarily viewed other records,” Infirmary said.
The employee was immediately placed on leave and subsequently terminated. ACH said they were assured that the information viewed by the employee was not distributed outside of the hospital or misused.
ACH said the risk from fraudulent activity from the incident is very low; however all affected patients have been notified by mail and instructed they should monitor their personal financial activity as an added safeguard.
ACH patients with questions can call Infirmary at (251) 435-3900.
Comments
7 Responses to “Local Hospital Warns 1,000 Patient Records Wrongly Accessed”
The Russians likely did it. I say that with sarcasm as one of the several million Federal workers whose personal info was hacked by the Chinese. Have come to conclusion, if you’re alive, you’re hackable. This is all the more frustrating because of the repeated training and “safeguards” we were subjected to in order to protect our and other’s personal data. We were not authorized to keep paperwork at our own desk with our own personal info in it due to PII (personally identifiable information) regulations. Lot of good that did!
Former patient, article stated at bottom that employee was put on leave then subsequently terminated, I take that as being fired.
They were accessed within approximately a 45 day window….minus at least two days off per week….how did they get any work done that they were being paid to do. Also I wish it said if said employee was still employed or not. I hope not.
To no big deal…
Apparently you didn’t receive a warning yourself. If you would have you would’ve been notified of the misprint on the dates of the incident. According to my warning it stated that the incident lasted for an entire year. So, you’re telling me this employee happened to “accidentally” access these records through another employees terminal for a year? Try again. These files were purposefully accesssed. You can’t downplay something of this magnitude.
Sure, there are countless entities accessing my records at any given time. That’s fine. However, they better have the clearance and substantial reasoning in order to do so.
I applaud ACH for making this public. I am shocked that MORE incidences are not brought into the light. It happens. All the time. It sounds like this was not malicious.
According to the description it is possible that an employee simply neglected to log out before a different employee used the terminal. Easy mistake. It is possible the accused employee did not even read the records since the article simply states they were “accessed.” There are way too many benign explanations to cause anyone to be upset or feel violated.
I know, I know HIPAA and all that, but come on, folks. If there are electronic records, there are countless entities accessing them.
Will the name be released of this personal who has committed these privacy crimes against the patients ? I mean I don’t understand why their name can be kept private our personal information was invaded & violated by them we at least should know who they are and their identity exposed publicly
This is happening more and more often. It sure doesn’t help that our health records are kept off-site by yet another company. I am amazed that everyone hasn’t figured out that NOTHING is safe on a computer. One of my Doc’s uses a records place somewhere in Michigan (I think)., “so you can easily access it”. Uh-huh, and apparently so can everyone else. Even the company has a disclaimer when you access file..something to the effect of “if you have accessed this information by error please disregard or delete”. Yeah, that didn’t give me a ‘warm and fuzzy’. Of course when I challenged the Doc’s I was the bad guy! Whatever happened to the Privacy Act of 1974?