KENNEWICK, Wash. - Trios Health officials are notifying patients of an investigation after an employee was fired for accessing medical records without permission.
A Trios Health press release said Elizabeth Rice was named the director of Health Information Management and compliance officer in March. Rice's team discovered the breach during a planned review.
The staff member was initially placed on administrative leave and later terminated in May 2017.
The subject may have accessed information including (not including to outpatient Trios Medical Group providers), diagnoses, and demographic information including addresses, phone numbers, driver’s license numbers, and Social Security Numbers pertaining to Trios Health visits..
So far, the investigation has revealed at least 600 Trios patients' records were accessed by the employee between October 2013 and March 2017.
“This significant issue came to light as part of a thorough and systematic examination that is still underway,” Rice said in a statement. “We took immediate action to investigate it, notify the appropriate parties, and begin putting additional protections in place to prevent it from happening again.”
Rice stated that each access of a patient record without permission constitutes a violation of the Health Insurance Portability and Accountability Act (HIPAA).
The press release says patients whose medical records were accessed are being notified by mail during the week of May 29, and will have the option to enroll in free identity theft protection and credit monitoring services for one year at Trios Health’s expense.
At this time it is not known what the total fines will be or what other corrective actions may entail against the former employee.