About 1,900 people are being notified by Mercy Medical Center-North Iowa in Mason City that they’ve had their protected health information inappropriately accessed by a former employee.

Letters were sent out on Monday to those affected after an internal investigation discovered that an employee had accessed information between July of last year and July of this year that includes things like birth dates, addresses, medication listings and insurance information. The investigation could not confirm that all of the patient records accessed were viewed for appropriate job-related purposes.

Mercy’s privacy officer Kurt Hale in the notification letter says they deeply regret the event, which is contrary to the hospital’s policies. Hale says the person no longer works for Mercy nor has access to the hospital’s information systems. Mercy says they are working to address the incident with the Department of Health and Human Services’ Office for Civil Rights as well as with local law enforcement.

(By Bob Fisher, KRIB, Mason City)