It has been discovered that the protected health information (PHI) of 683 patients of TJ Samson Community Hospital in Glasgow, KY and the TJ Health Columbia Clinic has been inappropriately accessed by an independent care provider to those centres.
The violation was discovered during a routine review of PHI access logs on August 25, 2017. The investigation that followed showed two individuals from the healthcare provider’s office had viewed the protected health information of patients, without any legitimate work reason for doing this.
Access to patients PHI is required in order for independent health care providers to complete their work duties, although in this instance, the PHI of patients was seen even though the patients were not being treated by the care providers.
TJ Samson questioned both individuals about the alleged unauthorized access and is happy that no further uses or disclosures of PHI have happened.
Following the breach, TJ Samson has stopped access for the individuals in question. The breach notice published on the TJ Samson website does not indicate any further action was taken against those people, although measures have been taken to prevent similar cases of unauthorized access, which included completing a review of access procedures for independent health care providers. People whose PHI was accessed have been made aware of the breach of their confidential information by mail.
The types of details accessed included names, medical information, demographic information, and in some instances, Social Security numbers and insurance details.
The access started in January 1, 2017. No financial details were accessed as the individuals’ login credentials did not allow them to access such data.