We regret to inform you that we will no longer be publishing Health Data Management. It has been an honor to provide you with the insights and connections to move your career forward. We wish you continued success on your professional journey and welcome you to explore our other titles at www.arizent.com/brands.

Employee at Trios Health snoops on data of 600 patients

An employee at Trios Health, which is anchored by Trios Southridge Hospital in Washington State, was using its electronic health record system not just to perform job duties but to also look up information on patients outside of the employee's job function.

The incident is the latest in a spate of breaches at healthcare organizations by insiders; it is the fifth such incident that Health Data Management tracked in May.

The Trios Health breach was discovered by its health information management department on March 14. Compromised data included dates of service, diagnoses, demographic information, Social Security numbers, driver’s license numbers, phone numbers and email addresses.

After an investigation, the organization put in new EHR use restrictions to staff within the employee’s department and terminated the employee. The investigation continues and as does additional privacy training and new standard auditing processes to protect PHI. Notification letters to about 600 affected patients started being mailed on May 29.

Trios Health is offering a year of identity theft, credit and fraud monitoring protection services for affected patients through IdentityForce. Spokespersons for the organization did not respond to a request for additional information.

Also See: Why insider threats remain the biggest risk to data

Other breaches at healthcare organizations of protected health information caused by insiders include the following:

* At Med Center Health in Kentucky, an employee took data on two occasions to build an outside business.

* Beacon Health System in Indiana discovered an employee had been accessing patient emergency department records for three years without permission or a reason to view them.

* A volunteer at NYC Health + Hospitals inadvertently caused a breach because she handled protected health information before being fully vetted and trained by the human resources department.

* Two employees in the patient transport department at Vanderbilt University Medical Center were inappropriately accessing patient records by obtaining more information than needed to do their jobs.

For reprint and licensing requests for this article, click here.