1,140 Patients Have Private Data Exposed at Our Lady of the Angels Hospital

An investigation has show that a former member of staff obtained the medical records of 1,140 patients without authorization at Our Lady of the Angels Hospital.

The former staff member had been granted access to the protected health information in order to conduct work duties; however, hospital staff found that the employee was accessing medical records without any acceptable work reason for doing so.

The unauthorized access was found on July 25, 2017, and the employee’s access to the medical record system was immediately deactivated.  The employee was also fired.

Rene Ragas, President and CEO, Our Lady of the Angels Hospital, commented, “Patient privacy is a top priority and we have a zero-tolerance policy for employees who improperly access patient data.”

A compete investigation was carried out to determine which patients had been impacted, which showed the former employee had been inappropriately accessing the medical records of patients for longer than three years.

The Bogalusa, LA hospital was purchased by the Franciscan Missionaries of Our Lady Health System on March 17, 2014, which is the date given for when the improper access began. It is not yet clear whether the employee had been accessing medical records without authorization prior to that date, when the hospital was operated by LSU Health under the name LSU Bogalusa Medical Center.

The former employee was questioned about the improper access and it does not appear that any patient health data was shared with any other people or was used improperly. This now seems to be another case of a healthcare employee accessing medical records out of curiosity.

Even though data theft and misuse is not suspected all individuals whose privacy was breached have been offered 12 months of credit monitoring services without charge.

The types of data obtained by the former employee includes names, addresses, phone numbers, dates of birth, sex, insurance information, social security numbers, diagnoses, dates of services, places of services, and clinical data such as orders, test results, medications, and clinical abstracts.

Our Lady of the Angels Hospital is currently auditing internal policies and procedures and will be revising its review processes to ensure any future privacy breaches of this nature are found more rapidly in future. Extra training is also being given to employees regarding the privacy and security of PHI.

Author: Maria Perez