ProMedica Bay Park Hospital said last week it is notifying 594 patients of a breach of protected health information.
The hospital said it discovered on April 2 that between April 1, 2013 and April 1, 2014, an employee accessed the records of patients that the employee was not directly treating without a valid business reason.
An investigation found that the information the employee accessed may have included the names, date of birth, diagnosis, hospital visit number, medical record number, attending physician, medications and other clinical information.
The employee is no longer employed by the hospital.
The hospital doesn’t believe the information accessed by the employee contained any financial information including Social Security numbers or that the employee intended to retain any viewed information.
The affected patients will receive individual letters containing further details including a complimentary one-year membership of identity theft protection services.
The hospital said once it discovered the breach, ProMedica immediately deactivated the employee’s access to patient information.
To prevent further health information breaches, the hospital has implemented additional training for employees to ensure they understand and follow patient information access policies. The breach has been reported to the U.S. Department of Health and Human Services.
Additional steps affected patients can take to help reduce the chances of identity theft include placing a 90-fraud alert and a security freeze on their credit file, ordering free annual credit reports from www.annualcreditreport.com and carefully reviewing credit reports and bank, credit card and other account statements.
Patients who do not receive letters and feel they may have been impacted can email firstname.lastname@example.org.