PeaceHealth Worker Accessed Medical Files Without Approval for Nearly 6 Years

PeaceHealth, centered in Vancouver, WA, has found one of its former workers had retrieved the medical files of nearly 2,000 of its sick persons without any genuine work reason for doing this.

PeaceHealth found the illegal access on August 9, 2017, causing an inquiry. PeaceHealth concluded the illegal access began in November 2011 and carried on until July 2017.

The inquiry proved financial information and Social Security numbers were not retrieved by the worker, even though patient names, admission, and discharge dates, medical diagnoses, medical record numbers, and progress notes were all seen.

Because of the nature of info which was retrieved, and the outcomes of the internal inquiry, PeaceHealth doesn’t believe any patients affected by the breach are in danger of identity thievery. Nevertheless, all affected people have been instructed to remain cautious and check their credit statements as well as account statements for any indication of illegal activity.

Patients affected by the breach had paid a visit to either the PeaceHealth St. Joseph Medical Complex or its Southwest Medical Complex from November 2011 to July 2017. All people impacted by the event have now been informed of the breach by post.

PeaceHealth released a statement stating, “Patient secrecy is among our top urgencies, and we take this [case] extremely seriously.” The worker no more works for PeaceHealth.

PeaceHealth now invests in technology to avoid data breaches, obeys industry best practices for checking and protecting PHI, and offers training to the workforce on security and privacy. The event has encouraged PeaceHealth to support the education of its workforce with regard to proper accessing of Protected Health Information.

The case has now been informed to the Division of Health and Human Services’ OCR. The breach report shows the Protected Health Information of 1,969 patients was wrongly retrieved.