Physician Accessed Pedes Orange County EMR and Disclosed PHI Without Authorization


Pedes Orange County Inc is a healthcare provider in California that specializes in vascular disease treatment. Pedes notified some of its patients that an unauthorized physician accessed their medical records and provided the information to a lawyer.

The facility Pedes uses is shared with another medical group conducting surgical procedures. The physicians use a common scheduling tool to monitor the use of the same facility. Pedes discovered on November 14, 2017 that a physician belonging to a different medical group accessed and viewed some of its patients’ electronic medical records. The physician did not have authorization to access the EMR.

Pedes found out that the physician subsequently disclosed some of the information from the EMR to an attorney. Pedes contacted the physician and made sure that all copies of PHI he took from the EMR system are destroyed and no copies are retained. The information potentially exposed includes patients’ names, dates of service, diagnoses, treatment and related data. There was no financial information or Social Security numbers compromised.

Pedes believes that no PHI was misused. However, this incident is regarded as a security breach according HIPAA Rules. So patients need to be notified about the PHI breach. Patients were also advised to be cautious and to check their Explanation of Benefits statements and other medical treatments and health insurance information are without fraudulent activity.

Because of what happened, Pedes reviewed and updated its security protocols to make sure a security breach such as this does not happen again. The report submitted by Pedes to the Department of Health and Human Services’ Office for Civil Rights indicated that the PHI of up to 917 patients were viewed and potentially compromised.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: