PA: Ex-Geisinger employee accessed hundreds of patients’ info improperly

From their notice of May 18:

WILKES-BARRE, Pa. – Geisinger Wyoming Valley Medical Center has notified certain patients that their protected health information (PHI) may have been accessed by an individual employee in a non-permitted manner.

On March 20, 2020, Geisinger’s Privacy Office was alerted to a Geisinger Wyoming Valley employee possibly accessing medical records without a confirmed business need to do so.  An immediate investigation validated that this employee accessed medical records as part of their daily job responsibilities.  It was however confirmed that they accessed over 800 patients’ records without a business need.  The individual accessed records from July 2017 to March 2020. As a result of the investigation, the individual is no longer employed at Geisinger.

While the investigation did not reveal any evidence of malicious intent, the information that may have been viewed by the employee included: name, date of birth, social security number, address, phone number, email address, medical conditions, diagnoses, medications, dates of service, visit notes, results and appointment information.

“Geisinger is committed to protecting the privacy of our patients and members so we are actively exploring additional safeguards to protect our patients from a similar incident in the future,” Geisinger Assistant Privacy Officer, Deb Beaver. “We have no reason to believe the information was accessed to commit financial fraud or harm; however, out of an abundance of caution we are providing affected patients one year of identity theft protection free of charge.”

Detailed credit monitoring and identity theft protection enrollment instructions were provided to affected patients in their notification letters.

For those affected by this breach, Geisinger has established a toll-free number at 888-559-9945 which is available from 8 a.m. to 5 p.m. (Eastern Standard Time) Monday through Friday.