Local Hospital Warns 1,000 Patient Records Wrongly Accessed

January 9, 2017

An area hospital is warning that  nearly 1,000 electronic health records were accessed inappropriately.

Infirmary Management Services, Inc, which manages Atmore Community Hospital, discovered during a routine audit in November that an ACH employee accessed  the electronic record of approximately 1,000 patents without an appropriate work related reason between October 3, 2015, and November 11, 2016, the company said in a statement.

“This unauthorized access constitutes a breach of patient privacy and is in violation of organizational policy. The information accessed was limited to patient names, hospital admission dates and flowsheets. This employee was authorized to access limited portions of patient records, but contrary to extensive training and specific instructions, unnecessarily viewed other records,” Infirmary said.

The employee was immediately placed on  leave and subsequently terminated.  ACH said they were assured that the information viewed by the employee was not distributed outside of the hospital or misused.

ACH said the risk from fraudulent activity from the incident is very low; however all affected patients have been notified by mail and instructed they should monitor their personal financial activity as an added safeguard.

ACH patients with questions can call Infirmary at (251) 435-3900.


7 Responses to “Local Hospital Warns 1,000 Patient Records Wrongly Accessed”

  1. NWFLA Linda on January 10th, 2017 12:34 pm

    The Russians likely did it. I say that with sarcasm as one of the several million Federal workers whose personal info was hacked by the Chinese. Have come to conclusion, if you’re alive, you’re hackable. This is all the more frustrating because of the repeated training and “safeguards” we were subjected to in order to protect our and other’s personal data. We were not authorized to keep paperwork at our own desk with our own personal info in it due to PII (personally identifiable information) regulations. Lot of good that did!

  2. A citizen on January 10th, 2017 6:52 am

    Former patient, article stated at bottom that employee was put on leave then subsequently terminated, I take that as being fired.

  3. Former Paitent also on January 9th, 2017 8:46 pm

    They were accessed within approximately a 45 day window….minus at least two days off per week….how did they get any work done that they were being paid to do. Also I wish it said if said employee was still employed or not. I hope not.

  4. More Than A Mistake on January 9th, 2017 8:24 pm

    To no big deal…

    Apparently you didn’t receive a warning yourself. If you would have you would’ve been notified of the misprint on the dates of the incident. According to my warning it stated that the incident lasted for an entire year. So, you’re telling me this employee happened to “accidentally” access these records through another employees terminal for a year? Try again. These files were purposefully accesssed. You can’t downplay something of this magnitude.

    Sure, there are countless entities accessing my records at any given time. That’s fine. However, they better have the clearance and substantial reasoning in order to do so.

  5. no big deal on January 9th, 2017 6:17 pm

    I applaud ACH for making this public. I am shocked that MORE incidences are not brought into the light. It happens. All the time. It sounds like this was not malicious.

    According to the description it is possible that an employee simply neglected to log out before a different employee used the terminal. Easy mistake. It is possible the accused employee did not even read the records since the article simply states they were “accessed.” There are way too many benign explanations to cause anyone to be upset or feel violated.

    I know, I know HIPAA and all that, but come on, folks. If there are electronic records, there are countless entities accessing them.

  6. Concerned former patient at Atmore hospital on January 9th, 2017 5:11 pm

    Will the name be released of this personal who has committed these privacy crimes against the patients ? I mean I don’t understand why their name can be kept private our personal information was invaded & violated by them we at least should know who they are and their identity exposed publicly

  7. lone chief on January 9th, 2017 2:27 pm

    This is happening more and more often. It sure doesn’t help that our health records are kept off-site by yet another company. I am amazed that everyone hasn’t figured out that NOTHING is safe on a computer. One of my Doc’s uses a records place somewhere in Michigan (I think)., “so you can easily access it”. Uh-huh, and apparently so can everyone else. Even the company has a disclaimer when you access file..something to the effect of “if you have accessed this information by error please disregard or delete”. Yeah, that didn’t give me a ‘warm and fuzzy’. Of course when I challenged the Doc’s I was the bad guy! Whatever happened to the Privacy Act of 1974?

Have a comment on this story?

We welcome your comments on this story, but there are some rules to follow::

(1) Be Nice. No comments that slander another, no racism, no sexism, no personal attacks.

(2) No Harrassing Comments. If someone says something bad about you, don't respond. That's childish.

(3) No Libel. That's saying something is not true about someone. Don't do it.

(4) Keep it clean. Nothing vulgar, obscene or sexually related. No profanity or obvious substitutions. Period.

(5) NorthEscambia.com reserves the right to remove any comments that violate our rules or we think to be inappropriate. We are not responsible for what is posted. Comments may not appear right away until they are approved by a moderator.

(6) Limit your comments to the subject in this story only, and limit comments to 300 words or less. Do not post copyrighted material. Comments will not be added to stories that are over 30 days old.

(7) No posts may advertise a commercial business or political group, or link to another commercial web site or political site of any kind.