A former nurse employed at Palomar Medical Center Escondido viewed, without authorization, the medical records of more than 1,300 patients who were receiving treatment at the hospital. Those affected are now being made aware of the breach.
The breaches were experienced over a 15-month period from February 10, 2016 and May 7, 2017. The access that was not permitted was first seen when access logs were reviewed. The audit revealed a range of access that was not normal for the nurse’s work duties.
The investigation showed that the nurse had seen the records of patients that had been allocated to her, as well as people allocated to another nurse in the same area.
The incident appears to be a case of snooping, rather than data access with malicious intent. Palomar Health has uncovered no evidence to suggest any information was recorded and removed from the health center, and no reports have been submitted to suggest any patient data was misused. When an internal investigation into the privacy violations was completed, the nurse resigned from her job.
The information viewed was restricted to identities, dates of birth, genders, medical record numbers, treatment centers, diagnoses, allergies, and medications for 1,309 clients. Financial data, insurance details, and Social Security credentials of four patients were seen in a part of the medical record system that was logged onto by the nurse. Those four patients have been given identity theft protection services as additional safeguard.
Palomar Health is, at present, adapting a new regime that will automatically overlook the logs created when medical records are accessed and when logging on attempts are made. The system will allow the health system to speedily spot instances of snooping and data theft. Hospital staff will also undergo extra privacy and security awareness training.