An employee's inappropriate access to patient records and fraudulent claims led to termination from Bon Secours St. Francis Health System.
The Greenville-S.C.-based organization conducted an audit of the employee's access to patient medical records after noticing a "concerning pattern of access," according to a notice on its website.
Prior to that, employees reported concerns about bills they received for unpaid balances for a prescription cream. An investigation revealed that a fellow employee had "caused potentially fraudulent charges to be billed to the other employee's insurance plans," according to the health system.
The "concerning pattern of access" investigation led to the discovery that from Jan. 1, 2014, to Aug. 12, 2015, the employee accessed patient medical records "in a manner that was inconsistent with her job functions, hospital procedures and the training that this employee received regarding the appropriate access of patients' medical records."
Compromised information includes patient names, birth dates, driver's license numbers, insurance information, clinical information and potentially Social Security numbers. This data breach affects about 2,000 patients.
St. Francis is providing supplementary education to all current employees on top of its mandatory privacy education all employees participate in on an annual basis, according to the notice. "The training will remind our employees that inappropriate use, access or disclosure of patients’ information will result in serious consequences up to and including termination and, where applicable, the involvement of law enforcement."