A hospital in northeast Iowa is notifying over 1,600 patients that their personal medical information was accessed by a former employee. Jim Waterbury is a spokesperson for UnityPoint Health-Allen Hospital in Waterloo.
“We had an employee who had access that was not authorized into patient records,” Waterbury said. The problem was discovered on March 14 and hospital staff then determined it affected patients from September 2009 through March 2016.
“We traced it all back through our computer records,” Waterbury said. “We, of course, turned off access immediately. We’re reporting that, as is required, and as we want to do for our patients…so we can tell them this person read their records without authorization.” The employee may have seen patients’ names, home addresses, dates of birth, medical and health insurance account numbers, and information related to their treatment.
“To date, there’s really no indication of identity theft or that credit card information was involved,” Waterbury said. However, the employee may have seen Social Security numbers for about 240 patients, according to Waterbury. Hospital officials reported the incident to the U.S. Department of Health and Human Services. The affected patients are being offered membership in a credit monitoring program at no cost. Waterbury added anyone who has questions about the breach of patient information may call (877) 332-6271 between 8 a.m and 8 p.m. Monday through Friday.