An Atmore Community Hospital employee was terminated for accessing the electronic record of approximately 1,000 patients without an appropriate work-related reason, according to a press release from Infirmary Health.

The breach of the patients’ privacy was discovered during a routine audit on Nov. 18, Director of Marketing Lauren Giddens said in the release.

“It was discovered that during the period between Oct. 3, 2015 and Nov. 11, 2016, an ACH employee accessed the electronic record of approximately 1,000 patents without an appropriate work related reason,” Giddens said. “This unauthorized access constitutes a breach of patient privacy and is in violation of organizational policy. The information accessed was limited to patient names, hospital admission dates and flowsheets. This employee was authorized to access limited portions of patient records, but contrary to extensive training and specific instructions, unnecessarily viewed other records.”

Giddens said the employee was identified and placed on leave from work and terminated from employment.

“During the subsequent investigation of this unauthorized patient records access, ACH gained reasonable assurances that the information viewed by the employee was not distributed outside of ACH, nor was it misused or further disclosed in any form including verbally, electronically or in printed documents,” she said. “ACH believes the risk for fraudulent activity from this occurrence to be very low. However, all affected patients have been notified by mail and instructed they should monitor their personal financial activity as an added safeguard. ACH understands and respects a patient’s right to privacy and confidentiality. Therefore, we will continue to ensure this right remains one of our highest priorities.”

The breach is a Health Insurance Portability and Accountability Act (HIPAA) violation.

Those with questions in regard to this notification may contact us as follows:

HIPAA hotline at 251- 435-3900 or 1-866-689-4981, by email at hipaa.privacy@infirmaryhealth.org or in writing at HIPAA Privacy Officer, P.O. Box 2226, Mobile, AL 36652.