Asante, an Oregon-based health system with three hospitals and more than 30 primary care facilities, has started notifying certain patients that their medical records have been accessed by a local doctor who had no treatment relationship with the patients. The physician was not employed by Asante but had access to Asante’s medical record system as he treated patients in Asante facilities.
An investigation was launched when unauthorized access was detected which revealed the unauthorized access had been occurring over a period of nine years, starting in 2014. The doctor – Dr. Paul Hoffman – has had his access to the electronic medical record system terminated. Asante is satisfied that the records were not accessed with any malicious intent and that the medical records were simply accessed out of curiosity and said there is no reason to suggest the affected patients are at risk of identity theft or fraud. The types of information accessed included names, demographic information and treatment information. No financial information, driver’s license numbers or Social Security numbers were viewed.
Asante said it has a system in place that monitors for unauthorized medical record access. Asante said it is now investigating how to improve the detection of unauthorized medical record access to ensure similar cases of unauthorized access are detected more quickly in the future.
The HHS’ Office for Civil Rights website indicates the physician accessed the medical records of 8,834 patients without authorization.