In a statement on their web site linked from their home page as a privacy notice, Ephrata Community Hospital in Pennsylvania writes:
Ephrata Community Hospital takes our obligation to protect our patients’ personal health information seriously. Regrettably, this notice concerns some of that information.
On April 16, 2013, we learned that one of our employees had accessed patient medical records prior to that date. Viewing these medical records was outside the employee’s job duties. We immediately began an investigation and confirmed that the employee viewed some patients’ electronic medical records and may have accessed clinical information. The employee did not access any Social Security numbers or other financial information, and Ephrata terminated the employee.
We have no reason to believe that the information was used in any way, but as a precaution, we began sending letter to affected patients on June 14, 2013. We have also established a dedicated call center for patients to call with any questions. If you believe you are affected but have not received a letter by July 1, 2013, please call 1-888-414-8021, Monday through Friday between 9:00 a.m. and 7:00 p.m. Eastern Time. When prompted, please enter the following 10-digit reference code: 8934061413.
We regret any inconvenience this may cause our patients. To help prevent something like this from happening in the future, we are reinforcing education with all staff regarding the importance of maintaining the confidentiality of our patients’ information and appropriate care-related access to patient records.
The hospital did not respond to emails sent both yesterday and today asking them when the improper access first began, how the hospital discovered or learned of the breach, the department the employee worked in, and the number of patients affected.