Minneapolis-based Allina Health has notified patients whose personal health information was unnecessarily viewed by a certified medical assistant at one of the system’s clinics.
The data breach has affected more than 3,000 patients, according to a report from KARE.
According to Allina Health, the first unauthorized access was confirmed on September 18, 2013. In the course of the investigation, the health system determined that the individual accessed some patients’ electronic medical record (EMR) outside of her normal job duties between February, 2010 and September, 2013. This employee had access to demographic information (name, address, telephone number, date of birth), clinical information, health insurance information, and the last four digits of these patients’ social security number, Allina Health officials said.
The health system began sending letters to affected patients on October 25, and has established a call center to answer any questions they may have.
The American Medical Association and the International Health Terminology Standards Development Organisation are working together, through a collaborative agreement, to create better integration between their proprietary code sets in support of interoperability and healthcare data analytics.
Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.
While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.