Bon Secours reports EHR data breach
June 5, 2013 in Medical Technology
The seven-hospital Bon Secours Health System in Virginia recently announced that some 5,000 former patients had their protected health information compromised following an electronic health records data breach.
Officials say the HIPAA breach occurred at Newport News, Va.-based Bon Secours Mary Immaculate Hospital after two members of the patient care team accessed patients’ medical records in a “manner that was inconsistent with their job functions and hospitals procedures and inconstant with the training they received regarding appropriate access of patient medical records,” according to a notice on the health system’s site.
[See also: OCR seeks HIPAA audit feedback.]
The “potentially unlawful behavior” was discovered during an April 2013 audit, officials say. Patients’ names in addition to treatment information, Social Security numbers, dates of births, medications and providers may have been accessed.
According to system officials, local and federal law enforcement agencies have formed The Peninsula Task Force to work with Bon Secours to thoroughly investigate this matter and to determine if any patient information may have been used illegally. The employees involved in this incident have been terminated from their positions.
This is the fourth reported data breach at Bon Secours Health System.
[See also: New York hospital waits 15 months to announce HIPAA breach, notify patients.]
The health system has contracted the services of Kroll Advisory Solutions to offer access to identity theft safeguards at no charge to the patients contacted.