A worker at Beacon Health System in South Bend, Ind., who for 3 years was accessing patient emergency department (ED) records without permission or a reason to analyze them, has been blamed for a breach of protected health information at the facility.
An audit by Beacon Health found the unwarranted access of patient information, which occurred from the time period of March 2014 to March 2017.
“While the worker might have had authorizations to view records in certain circumstances, the employee viewed patient records without a permissible reason,” the 3-hospital delivery system pointed out in a press release to local media.
“The worker refused taking or misusing any information, and we’ve no evidence that any data was used to commit fraud or otherwise misused,” the statement continued, demonstrating that the employee is no longer employed at Beacon Health System.
Compromised information involves patient names, Social Security numbers, ages, diagnoses, room numbers, acuity of sickness, chief complaints and some financial and insurance coverage information.
Beacon Heath System is reviewing training materials and putting in place new processes to decrease the likelihood of a similar tragedy occurring again. Affected individuals are being offered 1 year of identity monitoring and identity restoration services from Experian, and they are being asserted to monitor account statements and credit reports.
This is the 2nd major breach of protected health information for Beacon Health System, which operates 3 hospitals, home care services and a medical group practice. A hacking tragedy in May 2015 affected 306,789 people.
Beacon Health refused to give more information on the most recent tragedy, but sent the following statement about the incident:
“Beacon Health System’s Information Security and Privacy Team monitor worker access to records 24/7 and investigate potential issues for appropriateness on a daily basis. After an anomaly outside of Beacon’s routine monitoring was traced, upon further review, there was proof that records other than those that were required to complete this individual’s job duties were viewed. A third party forensic review validated that no data was electronically downloaded or transferred. Out of an abundance of caution, Beacon took the most conservative route to report the tragedy and notify those involved.”
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment