HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

1,300 Patients’ Medical Records Viewed Without Authorization by Palomar Health Nurse

More than 1,300 patients of Palomar Medical Center Escondido are being notified that a former nurse viewed their medical records without authorization while they were receiving treatment at the hospital.

The privacy violations occurred over a 15-month period between February 10, 2016 and May 7, 2017. The unauthorized access was discovered when access logs were reviewed. The audit revealed a pattern of access that was not consistent with the nurse’s work duties.

The audit showed the nurse had viewed the records of patients that had been assigned to her, in addition to patients assigned to another nurse in the same unit.

The incident appears to be a case of snooping, rather than data access with malicious intent. Palomar Health has uncovered no evidence to suggest any information was recorded and removed from the hospital, and no reports have been received to suggest any patient information has been misused. Following an internal investigation into the privacy violations, the nurse resigned.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The information viewed was limited to names, dates of birth, genders, medical record numbers, treatment locations, diagnoses, allergies, and medications for 1,309 patients. Financial information, insurance details, and Social Security numbers of four patients were present in a part of the medical record system that was accessed by the nurse. Those four patients have been offered identity theft protection services.

Palomar Health is currently implementing a new system that will automatically audit the logs created when medical records are viewed and when access attempts are made. The system will allow the health system to rapidly identify cases of snooping and data theft. Staff at the hospital will also receive additional privacy and security awareness training.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.