Newport Beach, Calif.-based Pedes Orange County, a clinic that shares its facility with another medical group to conduct surgical procedures, notified 917 patients after a physician accessed its EMR database without permission and disclosed the materials to their attorney in November, according to a notice mailed to patients.
Although that physician was a member of the medical group Pedes shares its building with and had access to the shared scheduling tool, the individual was not authorized to access Pedes' EMR.
The database stored patients' personal health information, including names, medical diagnosis, medical treatments, dates of medical service and other treatment-related information. Financial account information and Social Security numbers were not stored in the database.
The clinic is telling patients it has no reason to believe the information was misused by this individual, though Pedes is recommending patients review documents from their health insurer as a precaution.
Pedes established a dedicated call center to field patients' concerns and is conducting a comprehensive review of its security practices, procedures and safeguards.
Becker's Hospital Review reached out to Pedes Orange County for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
Facebook hires IBM scientist who helped build Watson for its AI efforts: 5 things to know
UPenn researchers want to launch the US's 1st CRISPR trial in humans: 6 things to know