Minneapolis-based Allina Health has notified patients whose personal health information was unnecessarily viewed by a certified medical assistant at one of the system’s clinics.
The data breach has affected more than 3,000 patients, according to a report from KARE.
According to Allina Health, the first unauthorized access was confirmed on September 18, 2013. In the course of the investigation, the health system determined that the individual accessed some patients’ electronic medical record (EMR) outside of her normal job duties between February, 2010 and September, 2013. This employee had access to demographic information (name, address, telephone number, date of birth), clinical information, health insurance information, and the last four digits of these patients’ social security number, Allina Health officials said.
The health system began sending letters to affected patients on October 25, and has established a call center to answer any questions they may have.