DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California Pacific Medical Center discovers employee was improperly accessing patient records for one year

Posted on January 25, 2015 by Dissent

The following press release from California Pacific Medical Center, a Sutter Health facility, was submitted to the California Attorney General’s web site today. A copy of the notice, dated January 23, 2015, is also posted on CPMC’s web site:

Audit finds employee access to patient files without apparent business or treatment purpose

California Pacific Medical Center (CPMC) recently notified 844 patients of its discovery that a pharmacist employee may have accessed their records without a business or treatment purpose.

CPMC first learned of the incident through a proactive audit of its electronic medical record system on October 10, 2014. The initial audit resulted in identification and notification of 14 individuals on October 21, 2014. Following its policy, CPMC terminated its relationship with the employee and broadened the investigation

The expanded investigation identified a total of 844 patients whose records the employee may have accessed without an apparent business or treatment purpose. It is unclear whether all of these records were accessed inappropriately but, out of an abundance of caution, CPMC notified all of these patients.

CPMC has determined that between October 2013 and October 2014, the employee accessed the following types of information without an apparent valid purpose: patient demographics, last four digits of social security number, clinical information including diagnosis and clinical notes, and prescription information. The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

For questions, individuals may contact the Chief Privacy Officer for Sutter Health at 855?771? 4220 Monday – Friday from 8am to 5pm.

Category: Uncategorized

Post navigation

← Hacker Steals 20 Million Passwords From Unidentified Dating Site (Updated to identify site)
NHS information centre forced to write to potentially 'millions' of patients after care.data error →

3 thoughts on “California Pacific Medical Center discovers employee was improperly accessing patient records for one year”

  1. Anonymous says:
    January 26, 2015 at 10:22 pm

    CPMC takes patient privacy very seriously, yet as a large enterprise we are not able to deploy off the shelf software to detect inappropriate access patterns.

  2. Anonymous says:
    January 27, 2015 at 1:17 am

    Where can we find more information on what caused the employee to view these records? What were they looking for? How did CPMC become aware of this situation to initiate and investigation.

    1. Anonymous says:
      January 27, 2015 at 7:52 am

      They said their audit uncovered a problem that they then investigated.

      They may never tell us more about the employee’s motives because it sounds like they just terminated the employee and didn’t necessarily report this to police.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.