Employee of Beacon Health System Impermissibly Accessed 3,100 Patients Records
South Bend, IN-based Beacon Health System (BHS) says the medical records of 3,117 patients have been accessed by an employee when there was no legitimate work reason for viewing the records. The unauthorized activity was detected on or around January 10, 2023, prompting an investigation to determine the extent of the privacy violation.
BHS said the employee’s work duties were related to patient registrations, verification of benefits, and patient placements within the hospital. As such, security privileges allowed access to clinical documentation in medical records, as access to clinical information was occasionally necessary. The investigation confirmed on February 20, 2023, that the medical record access was unrelated to the employee’s work duties, with the period of access spanning from November 18, 2018, to February 24, 2023.
The information accessed included names, addresses, birth dates, Social Security numbers, and clinical information such as diagnoses, emergency care treatment information, labs and diagnostic testing, operative and anesthesia documentation, ancillary clinical documentation, and medical histories. BHS said notification letters are being sent to affected individuals and confirmed that the employee no longer works at BHS.
California Secretary of State Confirmed Impermissible Disclosure of Historical Health Records
The California Secretary of State has recently confirmed there has been an impermissible disclosure of historic records. A researcher has requested records from the state’s sterilization program, which are public when they are older than 75 years; however, the records provided to the researcher included data from 1948 to 1952. The records were provided on December 19 and December 22, with the former provided on-site and the latter by secure digital transfer.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The researcher notified the California Secretary of State about the error on December 23, 2022. The disclosure was due to a mislabeled data range. The researcher confirmed the records had not been viewed in detail and have since been deleted from the researcher’s computer. The records included personally identifiable information such as names, family member names, dates of birth, familial medical histories, and medical information such as diagnoses, operation dates, sterilization dates, and other medical information. The California Secretary of State arranged a review of the records and redacted the records from the microfilm.
Sensitive PHI Exposed at Baltimore Occupational Health Service Provider
Boxes of files containing sensitive patient information have been discovered outside Occupational Medical Services in Baltimore, MD. Occupational Medical Services provides drug and alcohol testing and care in worker compensation cases. The boxes had been opened by some members of the public and were found to contain names, contact information, health information, and Social Security numbers.
According to FOX45 reporters, who contacted company owner Joyce Phillips, the files came from a medical facility that had closed down and were due to be collected and shredded. 200 boxes of files had been moved outside where they had remained for a day awaiting collection.
