BEND, OR -- St. Charles Health System is working to notify nearly 2,500 patients whose electronic medical records were accessed by an employee without authorization. She was able to view personal information including names, dates of birth, addresses, insurance information and driver’s license numbers, along with diagnoses and treatment information. The woman reportedly told investigators she looked at the data because she "was curious."
Nicole Hough is the Compliance Officer for St. Charles and tells KBND News, "This caregiver, both in her interview and in a signed affidavit, indicated that she has not used or shared, nor does she intend to use or share any of the confidential patient information she viewed. She has not downloaded it; she has not printed it, saved it, anything of that nature."
The breach was discovered during a standard audit, which Hough says is done periodically to check for irregularities in records access. "In this case, this caregiver had a legitimate need to have access to the medical records as part of her job responsibilities; she provided direct patient care. So, when we ran an audit, we noticed that with one patient, we could not really understand or justify the access that we saw, and that started our investigation." They found that between October 2014 and mid-January of this year, the woman may have reviewed as many as 2,459 files.
Viewing the files violates company policy and federal HIPPA laws. "We did take swift and appropriate disciplinary action with this individual," says Hough. "I think we want to, above all else, make sure that the effected patients, their family and our communities, that they know how very seriously St. Charles takes this situation. And, that it is the policy of St. Charles to insure we protect the privacy and security of our patients." She says effected patients are being offered credit monitoring and identity theft restoration services.