A Dignity Health hospital is notifying patients of a data breach after discovering a business partner employed a person as a case manager who was working under a false name and nursing license.
naviHealth provides Dignity Health's Mercy Medical Center Redding (Calif.) with post-acute care management. The hospital learned June 6 that one of naviHealth's employees had provided a false name and nursing license. This individual worked with naviHealth from June 2015 to May 2016. naviHealth immediately "severed ties" with the case manager and terminated his computer access, according to the hospital.
However, while he was employed, the case manager accessed patient data, including clinical information, individually identifying information and health insurance account information.
In efforts to prevent a similar situation from happening again, naviHealth has reviewed and confirmed the authenticity of all nursing licenses and identification of current employees, and new employees will go through additional screening processes.
Additionally, the hospital reports all the case manager's calls were recorded, and the calls were reviewed for content and clinical accuracy.
More articles on data breaches:
Advocate CTO: Instead of financial penalties for breaches, HHS should encourage cyber enhancement
Colorado vein center affected by Bizmatics server data breach
12 latest healthcare data breaches