TJ Samson Community Hospital Discovers Unauthorized Access of 683 Patients’ PHI

Two independent care providers inappropriately accessed the healthcare data of 683 patients of TJ Samson Community Hospital in Glasgow, KY and TJ Health Columbia Clinic. The unauthorized access to patient PHI was discovered on August 25, 2017 during a routine audit of system logs.

The information inappropriately accessed on January 1, 2017 included names, demographic information, medical notes, Social Security numbers and insurance details. Financial information was inaccessible because the independent health providers’ login credentials were restricted from accessing such information.

An independent healthcare provider may access the PHI of a patient in order to perform his work duties of treating the patient. If he is not treating a patient, he has no legitimate reason to access his patient data. In the case above, it is apparent that both independent care providers were going beyond the allowed boundaries of PHI access. It is a good thing that TJ Samson had the chance to interview both independent healthcare providers and found that all accessed patient information was not misused nor disclosed.

In response to the culprits’ action, TJ Samson simply blocked their access to the hospital’s data storage system and did no further action. To comply with the HIPAA Rules, TJ Samson posted on the hospital’s official website a notice of the breach. In addition, affected patients were sent a notification letter of the breach by mail. The hospital management also made the necessary steps to prevent the same incident of unauthorized access from happening again. The access procedure for independent health care providers was thoroughly reviewed, too.

About Christine Garcia 1297 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA