An unauthorized former nurse in Palomar Medical Center Escondido viewed the medical records of over 1,300 patients. The patient privacy violations happened in a period of 15 months from February 10, 2016 to May 7, 2017. It was discovered during an audit of access logs.
The audit report showed a pattern of access that did not match the nurse’s work duties. It further showed that the nurse viewed the records of patients assigned to her and to another nurse in the same unit. This seemed to be simply an incident of snooping and not a case of data access with malicious intent. According to Palomar Health, there was no evidence that information was recorded or taken from the hospital. There was also no report of patient information misuse. The nurse resigned when an internal investigation of the privacy violation ensued.
While the affected 1,309 patients were receiving their treatment at the hospital, they were notified of the potential data breach. They were informed that the former nurse potentially viewed the patients’ names, medical record numbers, birth dates, genders, treatment locations, allergies, diagnoses and medications. The medical records of four patients contained Social Security numbers, financial information and insurance details. Palomar Health offered the four patients identity theft protection services.
In response to the incident, Palomar Health implemented a new system that automatically audits the logs created every time medical records are viewed or accessed or an attempt is made to do so. This new system can quickly identify snooping or data theft attempts. The hospital staff will also get more privacy and security awareness training.