University of California (UC) Irvine Medical Center is notifying nearly 5,000 patients that an employee accessed their records without a job-related purpose between June 2011 and March.
How many victims? 4,859, a UC Irvine Medical Center spokesperson told SCMagazine.com on Friday.
What type of personal information? Names, addresses, dates of birth, genders, medical record numbers, heights, weights, UC Irvine Medical Center account numbers, allergy information, medical documentation, diagnoses, test orders and results, medications, employment status, and names of health plans and employers.
What happened? An employee accessed patient records without a job-related purpose.
What was the response? Law enforcement was notified, and a criminal investigation is ongoing. Independent computer forensics experts were called in to analyze the employee's hard drive and email account. UC Irvine Medical Center removed the employee's access to computers systems, and imposed disciplinary action. All affected patients are being notified, and offered a year of free credit monitoring and identity theft protection services.
Details: The employee's job required access to some patient records, but the employee looked at additional records without a job-related purpose between June 2011 and March.
Quote: “[The] investigation has found no evidence that this employee removed any patient information,” a notification posted to the UC Irvine Medical Center website said.
Source: ucirvinehealth.org, “Breach of patient records investigated,” June 17, 2015.