EHR snooping: 7,000+ Ohio health system patients potentially victimized
Photo: Mikhail Nilov/Pexels
An Ohio-based health system began notifying patients this past week that a former employee may have inappropriately accessed their private records.
Aultman Health Foundation, which is headquartered in Canton, Ohio, said that the former employee could have snooped on patient data for more than a decade, according to the Daily Record.
"Upon discovering this, the employee’s access to Aultman’s electronic health record system was suspended, and an investigation was conducted to determine the nature and scope of the incident," said company representatives.
WHY IT MATTERS
As reported by the Daily Record, about 7,300 patients across Aultman's health system had their information involved in the incident.
Between September 14, 2009, and April 26, 2021, the employee may have accessed patients' names, addresses, birthdays, Social Security numbers, insurance information and diagnosis and treatment information, said Aultman.
The employee allegedly had access to patient data as part of their job coordinating patient care. The information they accessed was outside the scope of their duties.
Although they have not been identified and will not be facing criminal charges, the health system did fire them.
Aultman said there is no indication patient data has been misused, but that it's offering free credit monitoring and identity-theft protection to those whose Social Security numbers may have been exposed.
THE LARGER TREND
Snooping may not be as headline-grabbing as other security risks, such as ransomware, but it still presents a very real concern for health systems.
In March 2020, a cybersecurity firm had warned that COVID-19 could present a heightened temptation for hospital workers to poke into patient records without proper justification to do so.
And earlier this year, Montefiore – a health system in New York – reported that an employee had inappropriately accessed patient information between June 2020 and November 2020.
ON THE RECORD
"To help prevent something like this from happening again, Aultman has provided additional training to its system users and is implementing additional measures to protect the information of its patients," said Aultman in a statement.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.