Despite employers’ best efforts, some employees will just continue to try to snoop in patient files. This time, a covered entity discovered the wrongdoing via their own internal monitoring.
Phoenixville Hospital, operated by Tower Health, reports that a recent review detected that an employee had accessed a patient’s electronic medical records (EMR) without any apparent legitimate reason. Further investigation revealed that the same employee had accessed other patients’ records without legitimate purpose between October 2021 and May 1, 2022.
The information that may have been accessed and viewed without authorization
contained the following data elements: name, address, date of birth, date of encounter, diagnoses, vital signs, medications, test results, and provider notes. In a few instances, a partial Social Security number (last 4 digits), and medical insurance company name and identification numbers were viewed.
The hospital indicated that notifications were mailed to those affected on July 8, but they did not reveal how many patients were being notified.
As for the employee, their employment was suspended immediately and then terminated.
Phoenixville’s notice can be found on Tower Health’s site.