Hawaii Pacific Health’s 5-Year Insider Data Breach

Hawaii Pacific Health learned about the 5-year snooping of an employee of Straub Medical Center (Honolulu) on patient healthcare records.

Hawaii Pacific Health discovered on January 17, 2020 the unauthorized patient records access and began an investigation. An analysis of the access logs revealed that in November 2014, the employee first started looking at patient records. The snooping went on undetected until January 2020. All through that time frame, the employee viewed 3,772 patients’ healthcare records. After the investigation, the employee lost his job.

The patients impacted by the snooping were individuals who were treated at Straub Medical Center, Pali Momi Medical Center, Kapiolani Medical Center for Women & Children or Wilcox Medical Center. It’s possible that the employee has accessed these types of data: first and last names of patients, email and physical addresses, telephone numbers, birth dates, religious affiliation, race/ethnicity, medical record numbers, service dates, primary care provider’s information, hospital account numbers, types of consultation and corresponding notes, name of department, providers’ names, account numbers and guarantor names, Social Security numbers and names of health plans.

The reason behind the snooping of the records was not determined, but Hawaii Pacific Health believes that curiosity was the reason and not to steal sensitive information for malicious purposes. Nevertheless, data theft can’t be ruled out. Hawaii Pacific Health informed via mail all the patients that the employee viewed the information on March 17, 2020. The patients also received offers of one-year free credit monitoring and identity restoration services.

Hawaii Pacific Health is checking its internal policies and updating them as necessary. More HIPAA training regarding patient privacy will likewise be made available. The health system is also looking to implement new systems to track down unauthorized access to healthcare records as well as anomalous personnel behavior at a faster rate.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA