The following notice is linked from Allina Health‘s home page:
Allina Health is committed to protecting the privacy of our patients’ personal information. Regrettably, this notice concerns an incident involving some of that information.
A certified medical assistant at an Allina Health clinic viewed patients’ personal health information unnecessarily. Only those caregivers with a role in patient care are authorized to access medical records. We make every effort to protect the privacy of our patients, and have strict policies to limit access to information. Our policies include a zero tolerance approach to protecting patient information against unauthorized access, and we have terminated the employment of this individual.
We began a thorough investigation after the first unauthorized access was confirmed on September 18, 2013. In the course of our investigation, we determined that the individual accessed some patients’ electronic medical record outside of her normal job duties between February, 2010 and September, 2013. This employee had access to demographic information (name, address, telephone number, date of birth), clinical information, health insurance information and the last four digits of these patients’ social security number.
This did not affect all Allina Health patients and we have no evidence to suggest that the information is being used for financial gain. We began sending letters to affected patients on October 25, and have established a dedicated call center to answer any questions they may have. If you believe you are affected but do not receive a letter by November 15, 2013, please call toll free
1-866-317-7301, Monday through Friday from 8:00 AM to 6:00 PM (Central Time). This number will be activated beginning at 8:00 a.m. Monday, October 28.We deeply regret that this occurred and want you to know we are committed to protecting the privacy of our patients’ personal information. To help prevent similar incidents from happening in the future, we are evaluating our policies related to protecting patient information, examining our computer security programs and continuing to educate employees on their obligation to maintain the privacy of patient information.
Christopher Snowbeck of Pioneer Press reports that 3,800 patients treated at Allina’s Inver Grove Heights clinic are being notified. Significantly, it was a co-worker who alerted the health system to concerns over the employee’s accessing of records.