A breach of 14 patients was discovered in October 2014 and further investigation found a total of 844 patients' had been accessed without an apparent valid purpose. The information accessed included patient demographics, last four digits of social security number, clinical information including diagnosis and clinical notes, and prescription information.
"A pharmacist employee may have accessed [patients'] records without a business or treatment purpose." - Hospital's websiteThe breaches occurred between October 2013 to October 2014. It is unclear why the breaches were no discovered until October 2014. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand Saas analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Audit finds employee access to patient files without apparent business or treatment purpose - www.CPMC.org, 01/23/2015