It seems the nurse's access to the database was not shut off when his job was assigned to someone else. As a result he was able to illegally access patient records for eight months until an audit found the error.
"Yes, it’s very clear under federal law and state law that you can only access the data when you have a need to access the data."Unfortunately it's not uncommon for access rights to be left active after an employee leaves their position. Therefore frequent auditing of who has which access rights must be done on a regular basis. This is easily accomplished with low-cost on-demand SaaS analytics services.
- Minnesota Board of Pharmacy executive director Cody Wiberg
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Blue Cross Blue Shield Nurse Accused Of Illegally Accessing Patient Records - www.Minnesota.CBS.com, 03/02/2015