HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Glendale Adventist Medical Center Fires Nurse for Inappropriately Accessing ePHI

A nurse employed by Glendale Adventist Medical Center in Glendale, CA has been fired for inappropriately accessing the medical records of 528 patients of the medical center and White Memorial Medical Center in Boyle Heights, CA.

The privacy breach was discovered in June 2016, although it is unclear when the nurse first started inappropriately accessing patient data. Glendale Adventist Medical Center discovered patient data were being accessed during a routine security review.

An investigation into the privacy violations was launched after access logs showed that the employee had been abusing data access privileges. The nurse had been provided with access to ePHI in order to perform work duties. The former employee worked as a per-diem nurse according to a report in the Los Angeles Times.

The investigation into the privacy breaches is ongoing, and as such, only a limited amount of information has been released. A spokesperson for Glendale Adventist Medical Center did confirm with the L.A Times that sensitive patient information that was potentially accessed included names, addresses, dates of birth, Social Security numbers, and medical diagnoses. It is unclear whether data were accessed out of curiosity or whether information was accessed with malicious intent.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

All patients whose personal information was accessed by the former employee have now been contacted by mail and informed of the incident. Additional steps have now been taken at the medical center to prevent future privacy breaches from occurring.

The incident shows that while it is important to implement a host of security defenses to protect the electronic protected health information of patients from external attacks, it is also important to take steps to protect against insider breaches.

It may not be possible to prevent members of staff from inappropriately accessing ePHI, but conducting regular audits of data access logs will limit the damage caused in the event that rogue employees abuse their data access rights.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.