Chicago hospital takes action after employee needlessly read medical records

A Chicago children’s hospital notified patients that an unauthorized employee had access to their medical records for a year, between September 2018 and September 2019, according to a statement from the hospital.

Advertisement

Four key notes:

1. Ann & Robert H. Lurie Children’s Hospital noticed an employee accessed medical records without a “business reason” for about a year, seeing patient names, addresses and birth dates. The person also could see patient medical information, but not insurance information, financial information or Social Security numbers.

2. When Lurie’s discovered the issue Nov. 15, it launched an investigation and the employee no longer works at Lurie Children’s.

3. The hospital is mailing a notification letter to patients whose records may have been viewed, asking them to review billing statements for accuracy.

4. The hospital also plans to provide more staff training to prevent privacy violations.

More articles on hospital cybersecurity:
6 health systems seeking CISOs
21 notable phishing attacks of 2019
North Carolina healthcare provider warns 4,500 patients of data breach

Advertisement

Next Up in Health IT

Advertisement

Comments are closed.