25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

EHR of Geauga Medical Center Improperly Accessed by Employee

Posted By on Mar 17, 2016

A former employee of University Hospitals Geauga Medical Center in Chardon, OH., has been discovered to have improperly accessed the protected health information of 677 patients.

An internal review of access logs was conducted after UH discovered a pattern of “unusual access” of its electronic health record system. The investigation, completed on January 13, 2016., revealed that an employee had accessed patient health records without any legitimate reason for doing so. The information accessed included patient names, medical record numbers, dates of birth, details of prescribed medications, and other data recorded during patient visits to Geauga Medical Center.

The employee first started inappropriately accessing patient health records on August 15, 2015, with periodic access continuing until January 3, 2016. No reason was given as to why the individual had accessed the data, although UH does not believe the records were accessed with a view to committing identity theft. UH has not received any reports of inappropriate use of the data or of patients coming to harm as a result of the privacy breaches.

The matter has been reported to law enforcement, state officials, and the Office for Civil Rights, and the employee in question has had his or her employment contract terminated. UH has also notified all affected patients of the privacy breach by mail.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Numerous cases of employees snooping on medical records are reported to OCR each year. Hospitals cannot prevent inappropriate access from taking place, although steps can be taken to reduce the risk of employees snooping on patient health records. UH has responded to the incident by enhancing its monitoring of medical record access to ensure that future privacy breaches are identified more rapidly.

UH has also provided its employees with further training on Health Insurance Portability and Accountability Act Rules with respect to patient privacy to prevent similar incidents from occurring in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist