An audit on the electronic health records system discovered that an employee was accessing patient records without authorisation.
Between July 11 and October 1, 2019 – an employee had gained access to patients’ medical records outside of the employee’s job role and apparently with no particular reason.
Compromised information included names, dates of birth, addresses, medical record numbers, Social Security numbers, driver’s license numbers, lab imagery, clinical information, and notes from physicians.
Immediately after discovering the privacy violation, Nebraska Medicine took the decision to dismiss the employee. Patients affected by the breach have been notified about the incident by letter.
In the letter, privacy officer Debra Bishop apologised for the breach and informed patients that the employee no longer works for Nebraska Medicine. Bishop also added that audits on the electronic medical record will be conducted more regularly, and staff will be re-trained about “appropriate access of patient information.”
In a statement, Nebraska Medicine said: “Once Nebraska Medicine became aware of the incident, our staff took action to investigate, prevent further improper access, and to notify affected patients. We have no reason to believe the information accessed has been or will be misused.
“In cases where the Social Security number or driver’s license was accessible, we are offering credit monitoring for a full year, at no cost to the affected patients.”
Nebraska Medicine will be offering a complimentary one-year membership of Experian IdentityWorksSM Credit 3B.
“This product helps detect possible misuse of your personal information and provides you with identity protection support focused on immediate identification and resolution of identity theft. IdentityWorksSM Credit 3B is completely free to you and we understand that enrolling in this program will not hurt your credit score.”