06 Oct Doctor Cartu Jonathan Says – Former Mayo Clinic employee improperly accessed 1,600-plus patien…
Mayo Clinic is notifying more than 1,600 patients that a former employee inappropriately accessed their health records, but apparently did not retain any information gleaned from them.
The Rochester-based health system said in a statement Monday afternoon that an unnamed health care worker looked at electronic “data elements” including patient names, demographic information, dates of birth, medical record numbers, clinical notes and, in some cases, medical images.
“Access was limited in duration, and Mayo has no evidence that any data was printed or retained by the former employee,” Mayo’s statement said. Social security numbers, payment card information and bank account numbers weren’t accessed.
Mayo is not identifying the former employee, but a spokeswoman confirmed the person is a licensed health care worker whose applicable licensing boards have been notified.
Asked whether the person was terminated because of the breach, Mayo spokeswoman Ginger Plumbo said via e-mail that the person’s employment at Mayo “was ending when the breach was discovered. The individual no longer works at Mayo Clinic and will not be rehired to work at Mayo.”
The health system didn’t specify when the breach occurred, noting only that the date is included in the individual breach letters. Given the number of people affected by the privacy breach, Mayo has notified the FBI and the Rochester Police Department about the incident.
“Law enforcement may choose to pursue charges, and we understand that they are investigating this matter. Mayo Clinic will fully corporate with law enforcement,” a spokeswoman said via e-mail.
All told, the breach affected 1,614 patients, including 1,131 in Minnesota. Mayo Clinic runs large hospital campuses in Rochester, Jacksonville, Fla., and Phoenix, in addition to a regional health system with more than 60 community hospitals and clinics in the Upper Midwest.
The health system’s statement didn’t recommend affected patients take any action in response to the data-breach notification. But it did note that it’s “a good idea” for people to regularly check credit reports at www.annualcreditreport.com.
Cases of health care employees inappropriately accessing patient records are not uncommon.