1,300 Patients’ Medical Records Viewed Without Authorization by Palomar Health Nurse

Share this article on:

More than 1,300 patients of Palomar Medical Center Escondido are being notified that a former nurse viewed their medical records without authorization while they were receiving treatment at the hospital.

The privacy violations occurred over a 15-month period between February 10, 2016 and May 7, 2017. The unauthorized access was discovered when access logs were reviewed. The audit revealed a pattern of access that was not consistent with the nurse’s work duties.

The audit showed the nurse had viewed the records of patients that had been assigned to her, in addition to patients assigned to another nurse in the same unit.

The incident appears to be a case of snooping, rather than data access with malicious intent. Palomar Health has uncovered no evidence to suggest any information was recorded and removed from the hospital, and no reports have been received to suggest any patient information has been misused. Following an internal investigation into the privacy violations, the nurse resigned.

The information viewed was limited to names, dates of birth, genders, medical record numbers, treatment locations, diagnoses, allergies, and medications for 1,309 patients. Financial information, insurance details, and Social Security numbers of four patients were present in a part of the medical record system that was accessed by the nurse. Those four patients have been offered identity theft protection services.

Palomar Health is currently implementing a new system that will automatically audit the logs created when medical records are viewed and when access attempts are made. The system will allow the health system to rapidly identify cases of snooping and data theft. Staff at the hospital will also receive additional privacy and security awareness training.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On