Employee misuse

Employee misuse results in potential healthcare data breach

June 3rd, 2016

Inappropriate access to patient information over seven years has resulted in a possible PHI breach at an Iowan hospital, as per the report.

Around 1,620 patients have been notified by UnityPoint Health-Allen Hospital. Former employee had improperly viewed PHI through the hospital’s EHR system. The employee was allowed access to the EHR system to do her job at that time, but she did not have the authority to view the records for patients who are involved in this healthcare data security event. The employee’s EHR access was terminated as soon as the hospital detected the possible PHI breach and the staff member was disciplined according to hospital policies.

According to the Jim Waterbury, the hospital’s vice president for institutional advancement,  Allen Hospital staff detected inappropriate access to the hospital’s medical records on March 14 and opened an immediate review.

Patients may have had their names, home addresses, dates of birth, health insurance information, and treatment information disclosed in the incident. The report stated that less than 15 percent of affected patients may have had their Social Security numbers viewed.

“We apologize to our affected patients, and we accept our responsibility to keep this event from happening again,” UnityPoint Health-Allen Hospital’s Vice President for Institutional Advancement Jim Waterbury told The Courier.

Steps been taken by hospital to prevent future healthcare data breaches includes additional training on proper access of EHR systems and performing more audits.

Facility has also provided patients with guidance on other precautionary measures they can take to protect their information, including placing a fraud alert, placing a security freeze and/or obtaining a free credit report.


Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.