Palomar Health notifying patients after nurse caught snooping in records
As seen on their site:
Notice to Palomar Health Patients Regarding Unauthorized Access of Patient Health Information
Palomar Health is committed to protecting the confidentiality and security of our patients’ information and we regret to inform you of an incident involving some of that information. Sometime between February 10, 2016 and May 7, 2017, some electronic health records were accessed by a former Palomar Health employee for reasons unrelated to medical care.
Palomar Health conducted a thorough investigation, which concluded in December 2017. The investigation determined the following types of protected health information may have been viewed: medical record information including first and last name, date of birth, gender, medical record number, diagnosis/reason for visit, Palomar treatment location, medications, and allergies.
This incident did not affect all Palomar Health patients during the timeframe outlined in the first paragraph, and we do not have any reason to believe that any personal or medical information has been compromised, transferred, or viewed outside of the Palomar Health electronic medical record system. In addition, we have confirmed that no credit card information, financial information, or social security number was accessed. We will begin sending notification letters to affected patients on January 12, 2018.
If you believe you may have been affected but did not receive a letter by January 26th, please call this toll free number (855)-553-3089 Monday-Saturday 6 a.m. to 6 p.m. Pacific Standard Time, excluding national holidays.
We deeply regret any inconvenience this may cause our patients. To prevent future incidents of this nature, increased audits of access to health records are being implemented and additional awareness/ training has been and continues to be provided to all employees to ensure patient privacy procedures are strictly followed.
So was the date of discovery the May date? The 60-day clock begins with discovery, not the date upon which an entity concludes its investigation. But depending on how many patients are being notified, we may not see this one on HHS’s public breach tool.
Update: A press release sent out by Palomar Health provides some clarification and additional detail. Thanks to the reader who sent this along:
Palomar Health has concluded an investigation into a single employee inappropriately accessing the records of 1,309 different patients between February 10, 2016 and May 7, 2017 at Palomar Medical Center Escondido.
The health information accessed included the patient’s first and last name, date of birth, gender, medical record number, diagnosis/reason for visit, treatment location, medications, and allergies. No health insurance information, financial data or other sensitive information such as social security or driver’s license numbers was accessed, except in the case of four patients.
The patients’ medical information was not transferred or viewed outside of the Palomar Health electronic medical record system and there are no reports of patient information being compromised.
Palomar Health is in the process of notifying all affected patients. Anyone with questions can direct inquiries to (855) 553-3089 Monday through Saturday, 6 a.m. to 6 p.m. Pacific Standard Time, excluding national holidays.
Patient privacy and confidentiality is a top priority at Palomar Health. To prevent future incidents of this nature, increased audits of access to health records are in the process of being implemented and additional awareness/ training has been and continues to be provided to all employees to ensure patient privacy procedures are strictly followed. The employee who accessed the patient health information is no longer employed by Palomar Health.