DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Palomar Health notifying patients after nurse caught snooping in records

Posted on January 12, 2018 by Dissent

As seen on their site:

Notice to Palomar Health Patients Regarding Unauthorized Access of Patient Health Information 

Palomar Health is committed to protecting the confidentiality and security of our patients’ information and we regret to inform you of an incident involving some of that information. Sometime between February 10, 2016 and May 7, 2017, some electronic health records were accessed by a former Palomar Health employee for reasons unrelated to medical care.

Palomar Health conducted a thorough investigation, which concluded in December 2017. The investigation determined the following types of protected health information may have been viewed: medical record information including first and last name, date of birth, gender, medical record number, diagnosis/reason for visit, Palomar treatment location, medications, and allergies.

This incident did not affect all Palomar Health patients during the timeframe outlined in the first paragraph, and we do not have any reason to believe that any personal or medical information has been compromised, transferred, or viewed outside of the Palomar Health electronic medical record system.  In addition, we have confirmed that no credit card information, financial information, or social security number was accessed.  We will begin sending notification letters to affected patients on January 12, 2018.

If you believe you may have been affected but did not receive a letter by January 26th, please call this toll free number (855)-553-3089 Monday-Saturday 6 a.m. to 6 p.m. Pacific Standard Time, excluding national holidays.

We deeply regret any inconvenience this may cause our patients. To prevent future incidents of this nature, increased audits of access to health records are being implemented and additional awareness/ training has been and continues to be provided to all employees to ensure patient privacy procedures are strictly followed.

So was the date of discovery the May date?  The 60-day clock begins with discovery, not the date upon which an entity concludes its investigation.   But depending on how many patients are being notified, we may not see this one on HHS’s public breach tool.

Update: A press release sent out by Palomar Health provides some clarification and additional detail. Thanks to the reader who sent  this along:

Palomar Health has concluded an investigation into a single employee inappropriately accessing the records of 1,309 different patients between February 10, 2016 and May 7, 2017 at Palomar Medical Center Escondido.

The health information accessed included the patient’s first and last name, date of birth, gender, medical record number, diagnosis/reason for visit, treatment location, medications, and allergies. No health insurance information, financial data or other sensitive information such as social security or driver’s license numbers was accessed, except in the case of four patients.

The patients’ medical information was not transferred or viewed outside of the Palomar Health electronic medical record system and there are no reports of patient information being compromised.

Palomar Health is in the process of notifying all affected patients.  Anyone with questions can direct inquiries to (855) 553-3089 Monday through Saturday, 6 a.m. to 6 p.m. Pacific Standard Time, excluding national holidays.

Patient privacy and confidentiality is a top priority at Palomar Health. To prevent future incidents of this nature, increased audits of access to health records are in the process of being implemented and additional awareness/ training has been and continues to be provided to all employees to ensure patient privacy procedures are strictly followed. The employee who accessed the patient health information is no longer employed by Palomar Health.

Related posts:

  • Latest update to HHS breach tool discloses previously unknown breaches
  • Health Data Breaches in 2017: The Year in Review
Category: Health DataInsiderU.S.

Post navigation

← Montana State University Billings notifying students after laptop was stolen in November
Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.