Breach, Data Security

Former California pharmacist employee accessed data without business or treatment purpose

California Pacific Medical Center (CPMC) is notifying more than 800 patients that a former pharmacist employee may have accessed their records without a business or treatment purpose.

How many victims? 844.

What type of personal information? Patient demographics, last four digits of Social Security numbers, clinical information such as diagnoses and clinical notes, and prescription information.

What happened? A former pharmacist employee accessed patient records without a business or treatment purpose.

What was the response? All potentially impacted individuals are being notified. The employee was fired, as per CPMC policy.

Details: CPMC learned of the incident through a proactive audit of its electronic medical record system that occurred on Oct. 10, 2014. CPMC determined that the former employee accessed the information between October 2013 and October 2014.

Quote: “It is unclear whether all of these records were accessed inappropriately but, out of an abundance of caution, CPMC notified all of these patients,” according to a notification posted to the CPMC website, which went on to add, “CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee.”

Source: cpmc.org, “Audit finds employee access to patient files without apparent business or treatment purpose,” Jan. 23, 2015.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.