Harris Health is notifying some of its patients regarding a privacy incident involving an employee’s access to electronic medical records without a work-related reason. 

On February 10, 2021, Harris Health learned that an employee may have accessed certain patients’ electronic medical records without a work-related reason. Harris Health quickly launched an investigation with the assistance of a nationally-recognized forensic firm, reported the incident to law enforcement and terminated the employee permanently. While working with law enforcement, Harris Health determined that the former employee disclosed some patient information to unauthorized individuals.  

Because it could have impeded their investigation, law enforcement required Harris Health to delay notifying patients of this incident. Harris Health is now notifying patients as quickly as possible after receiving permission from law enforcement to do so. To date, Harris Health has not been able to determine which specific patients’ information was disclosed outside the organization but is notifying all patients whose electronic medical record may have been impermissibly accessed by the former employee. 

Harris Health’s investigation determined that the impermissible access to patient information occurred between January 4, 2011, and March 8, 2021. The patient information involved may include: demographic information (name, date of birth, address, email address, telephone number, medical record number); clinical information (diagnoses, medical history, medications, immunizations, provider name, dates of service); and insurance information, which for a limited number of patients may have contained their Social Security number. 

Harris Health terminated the employee responsible for the incident and will continue to take steps to help prevent a similar incident from occurring in the future, including thoroughly investigating privacy complaints and providing ongoing training to its workforce of the importance of protecting patient privacy. Harris Health has also implemented enhanced proactive monitoring and auditing capabilities that will assist Harris Health in detecting and preventing similar incidents from occurring in the future.