DCH: Notice to Our Patients of Data Privacy Event
DCH Health System has processes in place to audit workforce members’ access to electronic medical records maintained for the hospital’s patients. During a routine privacy audit on December 9, 2022, it was discovered that one of the hospital’s employed workforce members accessed the electronic medical records of a patient on December 5, 2022 without an apparent business reason. Upon further investigation, on December 12, 2022, DCH Health System discovered this employee had accessed and viewed additional DCH patient electronic medical records between September 2021 and December 9, 2022, without a legitimate business need related to the employee’s job duties.
Number of Patients Affected
DCH Health System notified approximately 2,530 individuals as a result of this incident.
Types of Information Involved
The information that may have been accessed and viewed without authorization by this employee contained the following data elements: name, address, date of birth, social security numbers, date of encounter, diagnoses, vital signs, medications, test results, and clinical/provider notes.
What is DCH Health System Doing?
DCH Health System takes its responsibility to safeguard protected health information very seriously. Upon identifying the initial inappropriate access, DCH Health System immediately suspended the employee and terminated the employee’s access to all medical records and other information systems. Upon further investigation to assess the information impacted, DCH subsequently terminated the individual’s employment one business day after initial discovery.
DCH also engaged a data breach recovery expert and established all required and necessary communications to the affected patients and regulatory officials. All affected patients have been notified by mail about this incident. DCH Health System has no reason to believe that the information was or will be further used or disclosed; however, out of an abundance of caution, free identity theft protection services, including credit monitoring, were offered to all patients whose insurance group and subscriber/policy numbers may have been involved.
DCH continues to provide ongoing mandatory HIPAA/privacy training to its workforce members regarding appropriate access, use and disclosure of protected health information. DCH will also use this incident to improve our privacy monitoring tools and processes.
How Patients Will Know if They Are Impacted
Notices were mailed to the affected patients or their personal representatives on January 17, 2023. If you did not get a letter in the mail but would like to know if your information was affected, please call our dedicated toll-free telephone number at 1-855-624-6814, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major US holidays. This number will be operational between January 17, 2023 and April 17, 2023.