Allina Health System learned of an internaldata breach on September 18 in which an Inver Grove Heights medical assistant inappropriately viewed 3,800 patients EHRs from February 2010 to September 2013.
The Pioneer Press reports that while the breach occurred at the Inver Grove Heights clinic, not all affected patients were necessarily treated there. Instead, Allina’s EHR system spans across 11 hospitals and more than 50 physician clinics. The employee, who has since been fired, was able to access patients’ demographic, clinical and insurance information, as well as the last four digits of their Social Security numbers.
“We did not determine a motive,” Allina spokesman David Kanihan said. “We do believe that it is highly unlikely she did this for financial gain or identity theft or anything like that.” Allina also added that it would offer patients free access to identity monitoring services as well as a dedicated call center to answer any patient questions.
This was the 12th patient data breach of 500 patients or more (of 682 total in the U.S.) reported in Minnesota, according to the Pioneer Press, since 2009. “Covered entities were only required to begin reporting breaches of unsecured protected health information to (the government) in 2009,” Rachel Seeger, spokeswoman for the Department of Health and Humans Services, wrote in an email.
Allina started sending patient notification letters on October 25 and is in the process of gathering information to improve it technical security, according to the statement on its website homepage.
We deeply regret that this occurred and want you to know we are committed to protecting the privacy of our patients’ personal information. To help prevent similar incidents from happening in the future, we are evaluating our policies related to protecting patient information, examining our computer security programs and continuing to educate employees on their obligation to maintain the privacy of patient information.
