On May 24, 2019, Franciscan Health confirmed through an internal investigation that one employee in the quality research for Franciscan Health accessed protected health information (PHI) of approximately 2,200 patients without a business reason. The conduct was identified as part of Franciscan Health’s privacy audit process. At this time, there is no evidence that the employee downloaded, disclosed, or transmitted any of these information accessed and the individual is no longer employed by Franciscan Health.
What Information Was Affected?
The affected records include information that was created or received by your healthcare providers in the course of providing treatment, including medical records from other facilities incorporated into the electronic medical record at Franciscan Health. Franciscan Health transitioned to its electronic medical record system in June 2012 and continues to use this system today and these were the impacted records. The vast majority of the affected records was limited primarily to demographic information, such as name, address, email address, date of birth, phone number, gender, race/ethnicity, last four digits of social security number, and medical record number. Other records included clinical data, such as physician, diagnosis/conditions, lab results, medications, and other treatment information, driver’s license number, emergency contact information, and insurance claims information. For a small subset of individuals, the records also contained the patient’s social security number.
How Did Franciscan Health Respond?
Impacted individuals have been notified by mail and will be offered two years of identity theft protection services at no cost. Patients affected are also encouraged to monitor their financial accounts, credit history, and Explanation of Benefits statements as extra precautions.
Questions
A dedicated hotline, (833) 295-7812, has been established to take patient questions related to this incident.