California Pacific Medical Center in San Francisco has notified 844 patients that their protected health information was compromised after discovering a pharmacist had inappropriately accessed their records "without a business or treatment purpose," according to the hospital.
CPMC, a Sutter Health affiliate, learned of the breach through an audit of the system in October 2014. The hospital expanded the investigation and fired the employee.
The investigation determined the employee inappropriately accessed information between October 2013 and October 2014, including patient demographics, last four digits of Social Security numbers, clinical information and prescription information. The employee did not have access to full Social Security numbers or financial account information.
It is unclear if all 844 patients' information was inappropriately accessed, but the employee may have had access to their records.
"CPMC has no evidence of malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity," the hospital said in a statement.
More articles on data breaches:
St. Peter's Health Partners notifying patients of data breach following cell phone theft
New York AG proposes updated personal data security laws
This hospital device could be the source of the next data breach