The employee was fired after an investigation, the hospital said.
In October, hospital officials discovered that a “rogue” employee, who was acting alone, improperly viewed patients’ health records through the EHR system. The employee viewed patients’ records without a legitimate medical reason.
Patient data that may have been viewed included names, dates of birth, Social Security numbers, driver’s license numbers, medical diagnostic information, medical treatment information, lab results, Medicare and Medicaid numbers and health insurance information.
North Ottawa Community Hospital said that the employee didn’t have access to patient financial information.
“All records associated with this employee were carefully reviewed and corrective action steps were taken to prevent a privacy incident from reoccurring,” said North Ottawa Community Hospital in a statement. “NOCHS took immediate action to review electronic patient record authorization levels, and installed additional technology safeguards to restrict access even further.”
More articles on cybersecurity:
Florida clinic to pay $85K for violating HIPAA records access rule
Wyoming hospitals hit by cyberattacks almost daily, state hospital association says
4 things to know about Zeppelin, a ransomware targeting healthcare organizations
