Dedicated to providing the latest
HIPAA compliance news

Health Access Network Employee Fired for Improperly Accessing Patient Files

Share this article on:

Health Access Network has notified “less than 500” patients of its Lincoln Medical Center that their protected health information was improperly accessed by an employee.

On August 18, Health Access discovered the employee had accessed patient health records without any legitimate reason for doing so. After proof of improper access was obtained, the employee was interviewed but she did not give hospital officials any reason as to why she had viewed patient records.

The woman had been provided with access to files in order to complete her work duties. Health Access Network did not disclose the exact nature of the data accessed by the employee, although the woman was authorized to view patient names, financial information, and Social Security numbers. A review of data access logs revealed no information had been downloaded by the woman, although it was not possible to tell if any patient information had been manually copied.

An investigation of the employee’s computer activities was launched to determine the extent of the privacy breach. The investigation revealed employee records had been improperly accessed over a period of two months between June and August 2016. Each medical record accessed by the employee had to be checked to determine whether there was any legitimate reason for the record being accessed. That process took some time to complete, which delayed the issuing of breach notification letters to patients. However, notifications were sent inside the 60-day HIPAA Breach Notification Rule deadline.

The employee was terminated for violating HIPAA Rules and hospital policies and patients have now been notified of the breach by mail. Since there is a risk that their data were used inappropriately, all affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Health Access Network Chief Executive Officer Bill Diggins said this is the first incident of this nature that the organization has had to deal with. To prevent future incidents, Health Access officials will be conducting regular audits of data access logs of all new employees “until they establish that they understand their obligations.”

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On