Medford, Ore.-based Asante, a health system serving southern Oregon and Northern California, is notifying patients of a data breach after an employee was discovered to be inappropriately accessing patient records.
Asante learned in July that an employee had inappropriately accessed electronic patient records, and launched an investigation into the incident and the employee. The investigation indicated the employee accessed records from Aug. 18, 2014 to July 21, 2016. Potentially compromised information includes patient names, birth dates, medical record number, medications, diagnoses and lab results. Social Security numbers, financial and account information were not compromised, according to the notification.
The health system said it has no indication patient information has been misused, and it does not believe information will be misused in the future.
Asante said it cannot provide details regarding the outcome of the investigation, but "we can assure you that we applied our employment policies and processes appropriately," according to the notification.
The health system said it notified affected patients, but did not indicate in the notification letter how many patients that may be. There is no posting on the HHS Office for Civil Rights data breach notification portal, either.
More articles on data breaches:
The Department of Education is 'the biggest vulnerability' for a hack
Binder containing patient information missing from Kansas hospital
Medical College of Wisconsin data breach affects 3,200 patients