Bellaire, Texas-based Harris Health has fired an employee it says shared patients’ EHR data with unauthorized people over the course of several years.
The public safety-net health system started notifying several thousand patients Oct. 3 who were affected by the data breach, which occurred between January 2011 and March 2021.
Harris Health said it discovered the incident in February 2021 and engaged a forensic firm and law enforcement before terminating the staffer. The health system said it delayed patient notification so as not to impede the criminal investigation.
The organization said it was unable to determine which specific patients’ data was exposed, so it is contacting all individuals whose EHR data may have been accessed by the ex-employee. The breached data may have comprised personally identifiable information, including Social Security numbers, as well as medical records and insurance information.
