Allina Health is notifying 3,807 patients by letter that a medical assistant at its Inver Grove Heights clinic viewed their medical records without a valid reason and beyond the scope of her authority.
The Twin Cities’ largest hospital and clinic system fired the employee — who had access to patients’ clinical, health insurance and demographic information — and is offering no-cost monitoring services to make sure they don’t suffer financial or other ramifications from the privacy breach.
Some of the patients were in the Allina-wide electronic record-keeping system but hadn’t visited the Inver Grove Heights clinic. What the worker was trying to accomplish is unclear, said Allina spokesman David Kanihan. “There’s no evidence to suggest she was doing this for financial gain.”
The medical assistant performed basic tasks such as taking patients’ vital signs, and was permitted to view their records, but not the records of patients who weren’t in her care. The worker’s unauthorized viewing of records dated back to February 2010.
Allina is reviewing its security systems and its training of employees, including medical staff, in patient privacy.
“We have zero tolerance for unnecessary and unauthorized access to patient information, said Dr. Penny Wheeler, Allina’s president and chief clinical officer. “This standard applies to all employees, including medical personnel,”
Mass privacy breaches have become more common in the era of electronic medical records.
Just this fall, the state’s new MNsure health insurance exchange announced that the Social Security numbers of 2,400 insurance agents had been inadvertently e-mailed out.
In 2011, Allina fired 32 employees from two north metro hospitals for looking up private medical information of patients who had suffered drug overdoses at a party in Blaine.