An employee of University Hospitals serving northeast Ohio accessed records for 692 patients over a three-and-one-half-year period “without a business reason,” the eight-hospital delivery system has announced.

In a notice, University Hospitals said the employee has been terminated and law enforcement has been notified. The organization on October 2 discovered that the access had occurred from January 25, 2011 through June 27, 2014.

Compromised information included names, addresses, phone numbers, email addresses, birth dates, medical and insurance account numbers, and medical information. “In addition, some patients’ Social Security numbers, driver’s license numbers, personal financial account information, and/or credit and debit card information may have been viewed,” according to University Hospitals.

The organization said it is not aware of any fraud, identity theft or misuse beyond the employee’s unauthorized viewing.  A spokesperson declined to state how many patients had SSNs or financial/credit/debit information compromised, but those with SSNs that may have been breached are being offered a year of free credit monitoring and identity theft protection.

University Hospitals also did not disclose which facilities were affected, but said a series of audits are continuing to minimize a reoccurrence. The spokesperson would not disclose the types of audits being conducted, or what has been learned about how the employee could access the records for such a long period of time.

In a separate unrelated breach, the news service reports that two computers were stolen from University Hospitals’ Chagrin Highlands Medical Center on the weekend of Nov. 22.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access