EHR audit catches snooping employee

[InfoSec News <alerts () infosecnews org>]

http://www.healthcareitnews.com/news/ehr-audit-catches-snooping-employee

By Erin McCann
Managing Editor
Healthcare IT News
January 26, 2015

Electronic health records not only enable faster access to real-time 
patient data; they also make it a heck of a lot easier to catch snooping 
employees who inappropriately view patients' confidential information, as 
one California hospital has observed this past week.

Officials at the 785-bed California Pacific Medical Center in San 
Francisco – part of Sutter Health system – notified a total of 844 
patients Jan. 23 after discovering a pharmacist employee had been 
inappropriately snooping on patients' medical data for an entire year.

The incident was discovered after the hospital conducted an EHR audit back 
in October 2014, when it was first discovered only 14 individuals had had 
their PHI compromised.

Following an "expanded investigation," hospital officials discovered the 
HIPAA breach was significantly larger than they had originally found, with 
844 additional patients being identified as having there information 
inappropriately accessed. The staff member, whose employment has since 
been terminated, snooped on patient records from October 2013 to October 
2014, including patient demographics, clinical diagnoses, prescription 
data and clinical notes.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/