Chadron Community Hospital, a critical access facility in Nebraska, recently learned that an employee was accessing patient records outside of job duties for more than five years.
An investigation found that compromised patient information included names, addresses, dates of birth, clinical information from the electronic health record system (diagnoses, orders, provider notes and test results) and insurance information. “We do not believe the former employee accessed any Social Security numbers,” the hospital noted in announcement of the breach.
Chadron Community now is notifying 702 patients and advising them to monitor financial accounts and request a free credit report from Equifax, Experience or TransUnion. Additional information is being given to patients on what to do if there is reason to believe information was misused.
“To help prevent something like this from happening in the future, we are reviewing our privacy policies and practices, and reinforcing education with all staff regarding the importance of maintaining the confidentiality of our patients’ information and appropriate care-related access to patient records,” according to a statement from the hospital, which declined to comment further on the incident.