Medical Records Illegally Acccessed at PeaceHealth Over Six-Year Period

By Elizabeth Hernandez

It has been discovered that the medical records of almost 2,000 patients was illegally accessed by a former employee at PeaceHealth, a not-for-profit Catholic health system based in Vancouver, WA.

The unauthorized access was identified by PeaceHealth on August 9, 2017, leading tyo an investigation. PeaceHealth found the inappropriate access started in November 2011 and went on until July 2017.

The inquiry revealed that Social Security numbers and financial information were not obtained by the employee, although patient names, medical record numbers, admission and discharge dates, medical diagnoses, and progress notes were all seen.

Due to the nature of information that was accessed, and the results of the internal inquiry, PeaceHealth does feel any patients impacted by the breach are in danger of identity theft. However, all impacted people have been warned to remain vigilant and review their credit reports and account statements for any sign of fraudulent activity.

Patients targeted by the HIPAA compliance breach had attended either the PeaceHealth St. Joseph Medical Center or its Southwest Medical Center between November 2011 and July 2017. All people affected by the incident have now been advised of the breach by mail.

PeaceHealth released a statement which read: “Patient privacy is among our highest priorities, and we take this [incident] very seriously.” The individual no longer works at PeaceHealth.

PeaceHealth already  have a policy in place which invests in technology to prevent data breaches, follows industry best practices for monitoring and securing PHI, and provides training to staff on privacy and security. The incident has prompted PeaceHealth to refresh education of its staff with respect to appropriate accessing of PHI.

The incident report has now been submitted to the Department of Health and Human Services’ Office for Civil Rights. The privacy breach report shows the PHI of 1,969 patients was improperly obtained.

Twitter Facebook LinkedIn Reddit Link copied to clipboard
Elizabeth Hernandez works as a reporter for NetSec.news. Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: https://twitter.com/ElizabethHzone