MIAOULIS NOTE: What steps are you taking to prevent authorized users from viewing records? You need strong policies, sanctions and regular review of system activity (HIPAA Requirements).
On October 31, 2011, notification letters were sent to 175 persons whose Deaconess Health System medical records were inappropriately accessed by a now former employee.
The accesses occurred from April through September of 2011. The problem was discovered September 12, 2011, when a department manager reported that an employee may have made inappropriate access to the record of a co-worker. An initial audit confirmed this and other improper accesses, and the employee was terminated. Deaconess continued its investigation by auditing all electronic record activity by the employee for the duration of her employment. This led to the finding of 175 inappropriately accessed records.
Information viewed by the employee included name, address, dates of birth, last four digits of the Social Security Number and, where available, portions of the clinical records of the affected patients.