Franciscan Health patients’ protected health information compromised due to privacy breach

• Franciscan Health conducted an internal investigation and found out on May 24, 2019, that an employee from the quality research department accessed patients medical records without any business purpose.
• The healthcare provider fired the employee who was responsible for the breach.

Franciscan Health suffered a privacy breach after an employee accessed the protected health information of almost 2,200 patients without authorization.

The big picture

The healthcare center became aware of the privacy breach following a privacy audit. Upon which, FH conducted an internal investigation and found out on May 24, 2019, that an employee from the quality research department accessed patients medical records without any business purpose.

However, the healthcare system confirmed that there is no evidence the employee downloaded, disclosed or transmitted any of the information accessed.

What information was accessed?

• The accessed information includes patients’ demographic information such as names, addresses, email addresses, dates of birth, phone numbers, gender, race/ethnicity, last four digits of social security number, and medical record numbers.
• The employee also accessed medical records such as physicians, diagnosis, lab results, medications, treatment information, driver’s license number, emergency contact information, and insurance claims information.
• Few patients also had their social security numbers accessed.

The response

• Franciscan Health notified the Times law enforcement authorities about the privacy breach.
• The healthcare provider fired the employee who was responsible for the breach.
• It is providing two-year free identity theft protection services for all the potentially impacted patients.
• It has also requested the patients to review their financial accounts, credit history, and explanation of benefits statements for any suspicious activity.

“We value patient privacy and deeply regret that this incident occurred,” Patrick Maloney, president and CEO of Franciscan Health Hammond, Dyer and Munster, said.

“We are grateful that our robust auditing process identified this privacy incident, and we continue to look for ways to provide strong privacy protections to our patients,” Maloney added, Northwest Indiana Times reported.