An EHR snooping breach at Asante results in potential unauthorized access to patient information; the healthcare organization takes action and reinforces security. The employee improperly accessed more than 8,834 patient records over a period of almost nine years.
The situation:
Asante, a healthcare organization in Oregon, discovered an incident of unauthorized access to their Electronic Health Records (EHR) system, potentially exposing patient information. The breach, which occurred between April 10, 2021, and July 8, 2021, was discovered during a routine review of EHR access logs.
Why it matters:
The unauthorized access to 8,834 patient records highlights the importance of stringent security measures to protect sensitive patient data. Healthcare organizations must maintain strict access controls, implement comprehensive security protocols, and monitor EHR usage to prevent similar incidents.
What’s affected:
The exposed information may include patient names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, and clinical data. There is currently no evidence that the accessed data has been misused. However, the potential ramifications of such breaches can be far-reaching, including identity theft, financial fraud, and damage to the patient-provider relationship.
Asante’s response:
Upon discovering the incident, Asante promptly initiated an investigation, took steps to secure its systems, and reported the breach to law enforcement. The healthcare organization has also implemented additional security measures, such as enhancing access controls, conducting staff training on patient privacy, and increasing system monitoring.
Support for affected patients:
Asante is committed to supporting patients impacted by the breach. The organization has notified affected individuals and provided resources, including complimentary credit monitoring and identity theft protection services, to help them safeguard their personal information. Asante has also established a dedicated call center to address patient concerns and answer questions related to the incident.
The broader context:
EHR snooping is an ongoing challenge in the healthcare industry, with both external threats and internal unauthorized access posing risks to patient privacy. Healthcare organizations must remain vigilant and continually adapt their security measures to protect sensitive patient information.
The bottom line:
Healthcare organizations must continuously evaluate and enhance their security measures to protect sensitive patient information from unauthorized access. Asante’s response to the breach demonstrates the importance of swift action, transparency, and support for affected patients in mitigating the impact of such incidents and reinforcing trust in the healthcare system.
Related: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
