A nurse’s aid at Wayne Memorial Hospital in Honesdale, Pa., has been fired for accessing patient records without authorization.
The hospital said the employee had been trained in HIPAA, according to information on its website.
Letters have been sent to 390 individuals informing them their medical records may have been exposed, and some of those records may have included Social Security numbers, diagnoses and insurance information. All those whose Social Security numbers may have been exposed have been offered a free one-year membership in a credit monitoring service.
Wayne Memorial at this time “has no information that the nurse’s aide accessed the information for any malicious purposes or inappropriately used or disclosed any information,” according to CEO David Hoff.
The unauthorized access was discovered on Dec. 8, 2015, when another employee called with a privacy concern. Wayne Memorial immediately launched a forensic review of files accessed by the nurse’s aide, interviewed the aide and subsequently fired the aide. The aide’s name is not being released.
Every employee is reminded on a regular basis about privacy concerns via a hospital-wide email called “HIPAA Tuesdays,” which often details examples of non-compliance.
“This incident has prompted us to further review all levels of employee access to patient medical records, to enhance our HIPAA training for all employees and to research software programs that might help us better detect unauthorized access,” said Hoff.
As one of the first hospitals in the region to implement an EMR, Hoff said, it is “ahead of the technology curve, and I can assure you that we will do all that we can to make sure something like this does not happen again.”