Daniel Drake Center for Post-Acute Care, part of six-hospital UC Health in Cincinnati, is reporting than one of its employees accessed patient medical records over a two-year period without authorization.

The UC health privacy office learned of the breach in June. Now, Daniel Drake Center is notifying 4,721 patients about potential exposure of their information, and it’s offering a year of credit monitoring and identity theft protection services from Experian.

Also See: OCR updates health data breach reporting tool

The center is not disclosing how the employee was able to access records for an extended period of time without being caught, nor did it say how it learned about the breach. Many healthcare organizations typically learn that a breach has occurred through notifications from law enforcement agencies that may be investigating one breach and finding that other organizations also have been affected.

Daniel Drake Center now is implementing software to regularly and proactively monitor access to electronic health records and also is conducting educational sessions with staff covering appropriate access to protected health information and patient confidentiality.

Both initiatives are commonly done following a breach, often at the suggestion of the HHS Office for Civil Rights, which enforces the breach notification rule.

UC Health declined to provide additional details about the incident.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access