Palomar Health Nurse Viewed 1,300 Patients’ Medical Records Without Authorization

by

An unauthorized former nurse in Palomar Medical Center Escondido viewed the medical records of over 1,300 patients. The patient privacy violations happened in a period of 15 months from February 10, 2016 to May 7, 2017. It was discovered during an audit of access logs.

The audit report showed a pattern of access that did not match the nurse’s work duties. It further showed that the nurse viewed the records of patients assigned to her and to another nurse in the same unit. This seemed to be simply an incident of snooping and not a case of data access with malicious intent. According to Palomar Health, there was no evidence that information was recorded or taken from the hospital. There was also no report of patient information misuse. The nurse resigned when an internal investigation of the privacy violation ensued.

While the affected 1,309 patients were receiving their treatment at the hospital, they were notified of the potential data breach. They were informed that the former nurse potentially viewed the patients’ names, medical record numbers, birth dates, genders, treatment locations, allergies, diagnoses and medications. The medical records of four patients contained Social Security numbers, financial information and insurance details. Palomar Health offered the four patients identity theft protection services.

In response to the incident, Palomar Health implemented a new system that automatically audits the logs created every time medical records are viewed or accessed or an attempt is made to do so. This new system can quickly identify snooping or data theft attempts. The hospital staff will also get more privacy and security awareness training.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]