Reportedly a doctor and an office manager copied all or parts of the optometry practice's EHR system and used the patient information to market their new employer's services, "in some cases going into Sight and Sun's EHR system to change appointments to the new employer." Sight and Sun has notified 9,000 patients about the unauthorized access,
"the practice learned that its patients’ personal information, including name, address, Social Security number and medical record had been accessed inappropriately. ... All or part of its patients’ medical records were copied." - Sight and Sun EyeworksSight and Sun believes the records were inappropriately accessed and copied to offer other medical service, not for identity theft. However, the 9,000 patients were notified to monitor financial statements for signs of identity theft or fraud.
It's unclear how the Sight and Sound's EHR was being monitored for inappropriate access and changing of appointments. Healthcare organizations can now proactively detect such inappropriate access and activity with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Healthcare Privacy Thieves Deserve No Mercy - www.FierceEMR.com, 06/27/13