Central Health Employee Accessed Patient Data

From Privacy Wiki
Jump to navigation Jump to search
Central Health Employee Accessed Patient Data
Short Title Employee of Central Health Found Snooping on Private Medical Records of Patients
Location United States
Date July 2020

Taxonomy Insecurity
Information Medical and Health, Demographic, Identifying
Threat Actors Central Health, Central Health employee

Individuals
Affected Patients of Central Health
High Risk Groups Medical Patient
Secondary Consequences

An employee of Central Health got caught snooping on patients information, such as their diagnosis, age, doctor's information and more.

Description

A former employee of Central Health got caught involved in a series of privacy breaches, spanning two years and 240 patients. They had access to the Meditech system containing files with people's medical information and was found snooping on the patient’s personal information. Insecurity

They had access to two types of files, which contained summary information of a patient in hospital, including their diagnosis, their attending physician, age, sex and even what room in the hospital they were in.

This employee no longer works with Central Health.

Generally every Central Health employee has to go through privacy training upon hiring. Central Health performs privacy audits weekly, designed to catch breaches, picking employees at random and checking their access as well as doing more targeted audits. But this breach fell through the cracks, prompting questions as to why. 

Central Health publicly apologized to the 240 patients after the employee accessed their private records.

Risk Statistics

Laws and Regulations

Sources

https://www.cbc.ca/news/canada/newfoundland-labrador/central-health-privacy-breach-snooping-1.5666969