'Rogue' employee at Michigan hospital improperly viewed 4,000 patient records

Grand Haven, Mich.-based North Ottawa Community Hospital is notifying 4,013 patients that their records were improperly viewed by an unauthorized employee. 

The employee was fired after an investigation, the hospital said.

In October, hospital officials discovered that a "rogue" employee, who was acting alone, improperly viewed patients' health records through the EHR system. The employee viewed patients' records without a legitimate medical reason. 

Patient data that may have been viewed included names, dates of birth, Social Security numbers, driver's license numbers, medical diagnostic information, medical treatment information, lab results, Medicare and Medicaid numbers and health insurance information. 

North Ottawa Community Hospital said that the employee didn't have access to patient financial information. 

"All records associated with this employee were carefully reviewed and corrective action steps were taken to prevent a privacy incident from reoccurring," said North Ottawa Community Hospital in a statement. "NOCHS took immediate action to review electronic patient record authorization levels, and installed additional technology safeguards to restrict access even further."  

More articles on cybersecurity:
Florida clinic to pay $85K for violating HIPAA records access rule 
Wyoming hospitals hit by cyberattacks almost daily, state hospital association says
4 things to know about Zeppelin, a ransomware targeting healthcare organizations

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers