Riverside Medical Group, a large group practice of Newport News, Va.-based Riverside Health System, is offering 919 patients credit and identity theft monitoring services after discovering a licensed professional nurse had inappropriately accessed their electronic health records during the past four years.

The breach was found during a random audit conducted on November 1, 2013. The organization already was working with security vendor FairWarning to implement new audit software that would expand its audit capabilities, including more automated flagging of suspect activity. With more than 5,000 users of the EHR, “we need to do more auditing of more users,” says Peter Glagola, a spokesperson for the delivery system.

Between September 2009 and October 2013, the nurse accessed data of patients who were not patients of the practice where she worked, according to a letter sent to patients. The nurse was terminated; there are no criminal charges pending and no indication of credit or identity theft, but the investigation continues, Glagola adds.

Compromised information included Social Security number, name, address, date of birth, problem list, medications, allergies, test results, visit notes and a summary of medical history. The patient notification letter offers one year of free credit monitoring services and up to $1 million in identity theft insurance with no deductible from TransUnion, covering all three major credit reporting firms.
