An ex-employee of Aultman Health Foundation viewed 7,300 patient information with no permission for nearly 12 years prior to the discovery of the HIPAA violation.
The employee was given access to patient information to carry out responsibilities associated with managing patient care however was found to have viewed patient information without valid work reason to do so. The types of data compromised included patient names, birth dates, addresses, medical insurance data, diagnosis and treatment details, and Social Security numbers.
Aultman stated it revoked the employee’s access to patient information the moment the privacy violation was discovered. Immediately, an investigation was started to find out the nature and extent of the HIPAA breach. The investigation showed the worker accessed patient information with no consent between September 14, 2009 and April 26, 2021. The employee was fired for breaking hospital and HIPAA policies.
Aultman has begun informing patients who had their records compromised. Patient’s who had his/her Social Security number likely exposed received offers of free credit monitoring and identity theft protection solutions. Aultman mentioned its employees were informed that they were merely allowed to access patient information for work reasons. “To help avoid similar incidents from occurring once again, Aultman has given more training to its system end-users and is employing more measures to safeguard the data of its patients,” explained an Aultman spokesperson.
The breach incident seems to be a snooping case. The ex-employee is not looking at any criminal charges and, to date, there is no hint that patient data was or is going to be misused.
The health system in Canton, OH manages Aultman Hospital, Aultman Alliance Community Hospital, Aultman Orrville Hospital, and a number of urgent care community health centers as well as physical therapy centers in Stark County.