A former employee of a Louisiana hospital may have accessed thousands of patient records without authorization for nearly 15 years, a spokesperson from Bogalusa, La.-based Our Lady of the Angels Hospital told Becker's Hospital Review.
Here are five things to know about the incident.
1. Our Lady of the Angels Hospital officials learned a former employee had inappropriately accessed 1,140 patient records from the date Our Lady of the Angels acquired the hospital March 17, 2014, until July 25, 2017, according to a hospital statement.
2. Our Lady of the Angels Hospital officials informed LSU Health Care Services Division, a division of Baton Rouge-based Louisiana State University, about the incident Aug. 11, according to a separate LSU Health statement. LSU Health Care Services Division had operated and managed the hospital, formerly known as Bogalusa Medical Center, until March 17, 2014.
3. LSU Health Care Services Division began an investigation into the employee's potential inappropriate access Aug. 24. Officials determined the former employee may have improperly accessed patient records since Feb. 19, 2003. LSU Health Care Services Division estimated 1,200 individuals were affected in the incident, according to HHS' Office for Civil Rights breach portal.
4. The former employee claimed their motivation to access patient records without authorization was a result of their own "curiosity," according to the LSU Health statement. Our Lady of the Angels Hospital did not find any evidence the former employee misused or shared any personal information from the patient records.
5. Our Lady of the Angels Hospital officials terminated the employee upon discovering the incident. The hospital will also offer its affected patients 12 months of free credit monitoring services and plans to review its policies and audit processes to prevent similar privacy and security incidents from occurring in the future.