Beacon Health System in South Bend, Indiana is notifying about 1,200 patients that a former employee accessed records without the proper authorization, although the system stressed that it's unaware of any actual or attempted misuse of the information.
While the ex-employee in question may have had authorization to view patient records in certain circumstances, they exceeded permissible access to view records for some patients, the system said.
Beacon conducted an audit of employee access to medical records near the end of March, and discovered that some patient records were accessed inappropriately between March 2014 and March 2017. The information contained various types of data, including Social Security number, age, diagnosis, room number, acuity of illness, chief complaint, and perhaps even some financial account information or health insurance coverage information.
Even though it didn't identify any actual misuse of the information, Beacon is offering affected patients access to free identity monitoring and restoration services. In addition to the patients the system also provided notice to state Attorneys General and the U.S Department of Health and Human Services.
"We take patient privacy very seriously," said Mark Warlick, Beacon's chief information officer, in a statement. "We have taken steps to prevent another incident of this kind from happening by implementing additional protocols, reviewing our policies and procedures and providing additional training to staff."
Twitter: @JELagasse