25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Health Access Network Employee Fired for Improperly Accessing Patient Files

Posted By on Oct 26, 2016

Health Access Network has notified “less than 500” patients of its Lincoln Medical Center that their protected health information was improperly accessed by an employee.

On August 18, Health Access discovered the employee had accessed patient health records without any legitimate reason for doing so. After proof of improper access was obtained, the employee was interviewed but she did not give hospital officials any reason as to why she had viewed patient records.

The woman had been provided with access to files in order to complete her work duties. Health Access Network did not disclose the exact nature of the data accessed by the employee, although the woman was authorized to view patient names, financial information, and Social Security numbers. A review of data access logs revealed no information had been downloaded by the woman, although it was not possible to tell if any patient information had been manually copied.

An investigation of the employee’s computer activities was launched to determine the extent of the privacy breach. The investigation revealed employee records had been improperly accessed over a period of two months between June and August 2016. Each medical record accessed by the employee had to be checked to determine whether there was any legitimate reason for the record being accessed. That process took some time to complete, which delayed the issuing of breach notification letters to patients. However, notifications were sent inside the 60-day HIPAA Breach Notification Rule deadline.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The employee was terminated for violating HIPAA Rules and hospital policies and patients have now been notified of the breach by mail. Since there is a risk that their data were used inappropriately, all affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Health Access Network Chief Executive Officer Bill Diggins said this is the first incident of this nature that the organization has had to deal with. To prevent future incidents, Health Access officials will be conducting regular audits of data access logs of all new employees “until they establish that they understand their obligations.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist