While the hospital noted that no social security numbers or financial information was accessed, they confirmed the employee viewed some patients' electronic medical records and may have accessed clinical information.
"The hospital did not respond to emails...asking them when the improper access first began, how the hospital discovered or learned of the breach, the department the employee worked in, and the number of patients affected." - PHIprivacy.netWhat remains unclear is when the inappropriate access started and how the hospital learned about the snooping. Often organizations are alerted to insider breaches by a third party, rather than via proactive detection. Proactive breach detection is now available as low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) PA: Ephrata Community Hospital Fires Employee for Snooping in Patient Records - www.PHIprivacy.net, 06/18/2013