25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Glendale Adventist Medical Center Fires Nurse for Inappropriately Accessing ePHI

Posted By on Dec 5, 2016

A nurse employed by Glendale Adventist Medical Center in Glendale, CA has been fired for inappropriately accessing the medical records of 528 patients of the medical center and White Memorial Medical Center in Boyle Heights, CA.

The privacy breach was discovered in June 2016, although it is unclear when the nurse first started inappropriately accessing patient data. Glendale Adventist Medical Center discovered patient data were being accessed during a routine security review.

An investigation into the privacy violations was launched after access logs showed that the employee had been abusing data access privileges. The nurse had been provided with access to ePHI in order to perform work duties. The former employee worked as a per-diem nurse according to a report in the Los Angeles Times.

The investigation into the privacy breaches is ongoing, and as such, only a limited amount of information has been released. A spokesperson for Glendale Adventist Medical Center did confirm with the L.A Times that sensitive patient information that was potentially accessed included names, addresses, dates of birth, Social Security numbers, and medical diagnoses. It is unclear whether data were accessed out of curiosity or whether information was accessed with malicious intent.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

All patients whose personal information was accessed by the former employee have now been contacted by mail and informed of the incident. Additional steps have now been taken at the medical center to prevent future privacy breaches from occurring.

The incident shows that while it is important to implement a host of security defenses to protect the electronic protected health information of patients from external attacks, it is also important to take steps to protect against insider breaches.

It may not be possible to prevent members of staff from inappropriately accessing ePHI, but conducting regular audits of data access logs will limit the damage caused in the event that rogue employees abuse their data access rights.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist