IH finds, corrects breach

Monday, December 26, Infirmary Health released press release regarding a breach of privacy at Atmore Community Hospital. The breach was found during a routine audit, and appears limited in scope.

Following is the press release in its entirety:

PUBLIC NOTICE: HIPAA Breach Notification
Atmore Community Hospital (ACH), a hospital owned by Escambia County Alabama Community Hospitals, Inc. and managed by Infirmary Management Services, Inc., understands a patient’s privacy is important and therefore a responsibility we take seriously. To protect this right, we routinely conduct periodic audits to ensure that access to patient records is limited to authorized employees and healthcare providers.
During a routine audit conducted on November 18, 2016, it was discovered that during the period between October 3, 2015 and November 11, 2016 an ACH employee accessed the electronic record of approximately 1,000 patents without an appropriate work related reason. This unauthorized access constitutes a breach of patient privacy and is in violation of organizational policy. The information accessed was limited to patient names, hospital admission dates and flowsheets. This employee was authorized to access limited portions of patient records, but contrary to extensive training and specific instructions, unnecessarily viewed other records.

Once identified, the employee was immediately placed on leave from work and subsequently terminated from employment. During the subsequent investigation of this unauthorized patient records access, ACH gained reasonable assurances that the information viewed by the employee was NOT distributed outside of ACH nor was it misused or further disclosed in any form including verbally, electronically or in printed documents.

ACH believes the risk for fraudulent activity from this occurrence to be very low. However, all affected patients have been notified by mail and instructed they should monitor their personal financial activity as an added safeguard.

ACH understands and respects a patient’s right to privacy and confidentiality. Therefore, we will continue to ensure this right remains one of our highest priorities.

If you have questions regarding this notification, you may contact us as follows:

HIPAA Hotline at 251- 435-3900 or 1-866-689-4981
Email: hipaa.privacy@infirmaryhealth.org

In Writing at:
HIPAA Privacy Officer
P.O. Box 2226
Mobile AL 36652