Omaha-based Nebraska Medicine began notifying patients Dec. 3 of a security incident that may have exposed their protected health information, according to local NBC affiliate WOWT.
During a routine EHR audit in October, Nebraska Medicine discovered that an unauthorized employee was wrongly viewing patient health records. The employee improperly viewed patient records between July 11, 2018, and Oct. 1, 2019.
Immediately, Nebraska Medicine terminated the employee who was mishandling patient records. Patient data that may have been exposed included names, dates of birth, medical record numbers, Social Security numbers and driver's license numbers. Additionally, clinical information, lab imagery and physician notes may have been improperly viewed.
"Please accept my sincere apology. This individual no longer works for Nebraska Medicine and no longer has access to Nebraska Medicine systems. To prevent something like this from happening again, we are continuing to regularly audit our electronic medical record system for potential unauthorized activity, and are retraining staff about appropriate access of patient information," the letter to patients from Nebraska Medicine said, according to WOWT.