A former Kaiser Permanente employee inappropriately accessed the health system's EHR and may have viewed medical information and photos.
The Oakland, Calif.-based health system said it determined during a May compliance review that the staffer accessed patients' medical records outside of the person's job function, according to a July 15 notice. The individual's access to the system was cut off, and the person no longer works for the health system.
"We are also reviewing our policies and procedures governing access to patients' medical records to determine whether additional safeguards are needed to deter and prevent future incidents," Kaiser Permanente stated.
The health system told HHS that 3,435 Northern California members were affected by the breach. The ex-staffer may have viewed names, addresses, dates of birth, email addresses, telephone numbers, healthcare information, and photos.