A former employee at Tri-City Medical Center in Oceanside, Calif., may have been acting in a whistleblower capacity when on August 8 he wheeled out medical records and brought them to the California Department of Public Health.

The result is that the hospital is notifying about 6,500 patients of a breach of protected information that includes names, dates of birth, service dates, admitting physicians, medical record numbers, diagnosis and admit dates and times. The former employee, who was moving personal effects to his vehicle with a cart, put emergency department transfer logs on the cart as well.

The logs, covering patients who came to the ER and were admitted to the hospital or transferred to another facility between Dec. 1, 2013 and May 13, 2014, did not contain Social Security numbers or financial information. “While the person who removed the logs was not authorized to do so, we are not currently aware of any use or further disclosure of the private information on the logs,” according to a notice sent to patients. “However, you may wish to have a fraud alert placed on your credit files.”

The logs had been used in an on-site regulatory review completed the day before they were taken, according to information given to affected patients. The notification letter indicates that the state may still have the logs: “We have been in contact with the Department of Public Health about the logs.” A hospital spokesperson did not respond to a request for more information, including if the organization believes the former employee was acting as a whistleblower.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access