A former employee of Aultman Health Foundation accessed 7,300 patient records without authorization for almost 12 years before the HIPAA violation was discovered.
The employee was provided with access to patient records to fulfil duties related to coordinating patient care but was discovered to have accessed patient records when there was no legitimate work reason for doing so. The types of information accessed included patient names, addresses, dates of birth, health insurance information, diagnosis and treatment information, and Social Security numbers.
Aultman said it suspended the employee’s access to patient records as soon as the privacy violation was uncovered, and an investigation was immediately launched to determine the nature and scope of the HIPAA violation. The investigation revealed the employee accessed patient records without authorization from September 14, 2009 until April 26, 2021. The employee was terminated for violating HIPAA and hospital policies.
Aultman has started notifying patients whose records were viewed. Patients whose Social Security numbers were potentially compromised have been offered complimentary credit monitoring and identity theft protection services. Aultman said its employees were aware that they were only permitted to access patient records for work purposes. “To help prevent something like this from happening again, Aultman has provided additional training to its system users and is implementing additional measures to protect the information of its patients,” said an Aultman spokesperson.
The incident appears to be a case of snooping. The former employee is not facing criminal charges and, so far, there is no indication that patient information has been or will be misused.
The Canton, OH-based health system operates Aultman Hospital, Aultman Orrville Hospital, Aultman Alliance Community Hospital, and several urgent care community health centers and physical therapy facilities in Stark County.