Geisinger on Friday notified about 700 patients that their data may have been inappropriately accessed by an employee.
On June 3, Geisinger learned that an employee was possibly accessing medical records without a business need to do so, according to a press release by the Danville, Penn.-based system.
On September 8, an investgiation concluded that while the employee was permitted to access medical records as part of their daily job responsibilities, the employee inappropriately accessed over 700 patients’ records between June 2019 and June 2020. The employee was subsequently fired, according to Geisinger’s press release.
The investigation did not find evidence that the employee retained or removed any of the information, which included name, date of birth, medical record number, dates of service, social security number, address, phone number, medical conditions, diagnoses, medications, treatment information and other clinical notes.
“At Geisinger, protecting our patients’ and members’ privacy is of the utmost importance and we are constantly working on safeguards and protocols to identify incidents such as these so we can prevent such occurrences in the future,” said Geisinger’s Chief Privacy Officer Jonathan Friesen.