Information the employee obtained included patient name, date of birth, driver's license number, insurance information, clinical diagnosis, and possibly Social Security numbers. The breach came to the hospital's attention when other employees began reporting in July 2015 that their insurers had recorded unpaid balances and charges for a prescription cream. Investigated found the employee had been inappropriately accessing patient medical records from January 2014 until August 12, 2015.
"accessing patient medical records "in a manner that was inconsistent with her job functions, hospital procedures and ... training," between Jan. 1, 2014 and Aug. 12, 2015." - Hospital statementIt is unclear why the privacy breaches went on for over one and a half years. And as is all too often the case it seems the hospital learned of the breaches from third parties. Healthcare organizations seeking to proactively detect data privacy breaches and identity theft, even if they occur only once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.Sources:
(a) Employee fired after St. Francis data breach - www.GreenvilleOnline.com, 10/26/2015