Orlando Health employee accessed 3,200 patient medical records which were out of job responsibilities. The incident has caused a potential health data breach at Orlando Health. The breach was discovered during routine patient record access audit.
According to the company statement, nursing assistant had inappropriately accessed patient records which includes patient names, dates of birth, addresses, medications, medical tests and results, other clinical information, and the last four digits of Social Security Numbers.
There were also “a limited number of patients” who may have had their insurance information accessed as well, Orlando Health reported.
The employee has since been terminated along with revoking all the access.
“We are continually evaluating and modifying our practices and the practices of our employees to enhance the security and privacy of all confidential and protected health information entrusted to us,” the statement read. “We are also re-educating our workforce members and increasing our already vigilant program of auditing and monitoring of patient record access.”
Orlando Health mentioned that only certain patients treated at Winnie Palmer Hospital for Women & Babies, Dr. P. Phillips Hospital and a limited number of patients treated at Orlando Regional Medical Center, from January 2014 to May 2015, potentially had their information accessed.
“We take this incident very seriously, and we are committed to protecting patients’ health and personal information,” Orlando Health Corporate Director of Compliance and Information Security Steve Stallard said in a statement. “We deeply regret any concern or inconvenience this may cause our patients or their family members.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.