Bend, Ore.-based St. Charles Health System has identified a data breach wherein a caregiver accessed nearly 2,500 patients' EMRs without authorization. But there is no evidence that the caregiver shared the personal health information of these patients with anyone else.
The caregiver has signed an affidavit stating that she has not used the confidential information "for the purpose of committing fraud, financial crimes or other crimes against the patients whose records were among those she viewed."
The caregiver reviewed around 2,459 patient files between Oct. 8, 2014, and Jan. 16, 2017. These files included patients' names, addresses, dates of birth, health insurance information, driver's license numbers as well as clinical information.
"We sincerely apologize to our patients who may have been affected by this incident," said Nicole Hough, vice president of compliance at the health system. "We want to provide them with the information they need to understand what happened and what they can do to guard against possible fraud."
The affected patients have been sent a letter informing them of the security incident. It also includes an offer for credit monitoring and identity restoration services.