BEND, Ore. – (Update: Added comment from hospital spokeswoman)
St. Charles Health System announced Thursday it has discovered that a caregiver has accessed nearly 2,500 patients’ electronic medical records without authorization.
“The caregiver said in an interview that she looked at the files out of curiosity,” the organization’s announcement stated.
St. Charles Director of Communications and Marketing Mendenhall would not identify the worker or her location when asked by NewsChannel 21, instead noting by email that which facility she worked at “isn’t relevant because our electronic medical record is integrated and covers all facilities.”
“We completed a thorough review of all records this caregiver had accessed as part of our investigation,” Mendenhall added, then “took swift and appropriate disciplinary action,” declining to be more specific.
Pedro Quintana will have more on this tonight on NewsChannel 21 Fox @ 4, and 5, 6 and 7 on KTVZ: Here’s the rest of the health system’s statement, in full.
The caregiver has since signed an affidavit stating that she has never used or shared any of the confidential patient information for the purpose of committing fraud, financial crimes or other crimes against the patients whose records were among those she viewed.
On Jan. 16, the health system launched an investigation and conducted an audit of all of the patient files accessed by the caregiver.
The audit revealed that between Oct. 8, 2014 and Jan. 16, 2017, the caregiver may have reviewed as many as 2,459 files containing patients’ names, addresses, dates of birth, health insurance information, driver’s license numbers and health information such as diagnoses, physicians’ names, medications and treatment information.
“We sincerely apologize to our patients who may have been affected by this incident,” said Nicole Hough, vice president of compliance. “We want to provide them with the information they need to understand what happened and what they can do to guard against possible fraud.”
The health system mailed a letter Thursday to those patients who are impacted. The letter includes an explanation of the incident and an offer of credit monitoring and identity restoration services, as well as additional information about how individuals can protect themselves.
St. Charles said it is also in the process of notifying state and federal regulators about the incident.
“St. Charles takes the privacy and security of our patients’ personal health information very seriously. We regard the protection of all patient information as part of our commitment to providing excellent care,” Hough said. “The health system is doing everything possible to prevent a similar privacy breach from occurring in the future, including implementing additional medical record audits.”
Individuals are encouraged to remain vigilant against incidents of identity theft and fraud, to review their account statements and to monitor their credit reports for suspicious activity. A confidential call center has also been established to answer questions about this incident. The call center phone number is 1-855-836-0069 and is available Monday through Saturday, 9 a.m. to 9 p.m. EST.
About St. Charles Health System
St. Charles Health System, Inc., headquartered in Bend, Ore., owns and operates St. Charles Bend, Madras, Prineville and Redmond. It also owns family care clinics in Bend, Madras, Prineville, Redmond and Sisters. St. Charles is a private, not-for-profit Oregon corporation and is the largest employer in Central Oregon with more than 4,200 caregivers. In addition, there are more than 350 active medical staff members and nearly 200 visiting medical staff members who partner with the health system to provide a wide range of care and service to our communities.