Glitch Exposes Medical Records Online30,000 Patients Alerted to Search Engine Exposure
A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.
See Also: HIPAA Audits: A Revised Game Plan
St. Joseph Health System in Orange, Calif., says the records for patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that allowed for the potential for inappropriate access. The information was available to search engines from early 2011 until this month, when the glitch was discovered.
Information that may have been accessed includes patient name, diagnoses list, medication allergies, body mass index, blood pressure, lab results, smoking status, and advance directive status. Also included was certain demographic information, including birth date, race and gender. The information did not include any financial information or Social Security numbers.
"The information was not readily identifiable on the Internet," according to a statement from the health system. "In most cases, a complex combination of terms or extensive search would have been required to access the records."
Since discovering the breach, "/files have been secured within the hospital's system and the hospitals' teams are working to eliminate residual or archived information from the Internet," according to the statement.
The health system is providing patients affected with free identity theft protection services.