More than 2,000 Franciscan Health patients had their medical information and other personal data breached, according to the hospital.
Joe Dejanovic, health care system spokesman, told The Times law enforcement authorities have been contacted and the employee who accessed the data is no longer working for Franciscan Health.
The privacy breach was uncovered following a privacy audit and confirmed May 24 after an internal investigation, according to a news release.
The breach primarily impacts patients in Northwest Indiana, a very small number of patients in Illinois and a few people out of state, he said. All have been sent letters.
The employee was in the quality research department for the health care system and accessed protected health information of about 2,200 patients “without a business reason,” the release states.
“We value patient privacy and deeply regret that this incident occurred,” Patrick Maloney, president and CEO of Franciscan Health Hammond, Dyer and Munster, said in the release.
“We are grateful that our robust auditing process identified this privacy incident, and we continue to look for ways to provide strong privacy protections to our patients.”
At this time, there is no evidence the employee downloaded, disclosed or transmitted any of the information accessed, according to the health care system.
Information accessed included patient names, addresses, email addresses, dates of birth, phone numbers, gender, race/ethnicity, last four digits of Social Security numbers and medical record numbers, physician information, diagnosis/medical conditions, lab results, medications, treatments, driver’s license number, emergency contacts and insurance claims, the news release states.
In a small number of cases, patients’ entire Social Security number was accessed.
Individuals have been notified by mail and will be offered two years of identity theft protection at no cost, the release states. Patients affected are encouraged to monitor their financial accounts, credit history and explanation of benefits statements as an extra precaution.
Patients with questions may call 833-295-7812. The number has been set up as a dedicated hotline for this incident.
This isn’t the first time this has happened at a Franciscan Health location.
In December 2015, Franciscan Health uncovered a privacy breach in which about 1,850 empty paper folders that previously contained patient medical records were inadvertently put in the Crown Point Health Center’s trash and not shredded.
In that case, the folders involved patients no longer active at the clinic and contained no personal identifiers or financial information. They included patients’ first and last names, birth dates, names of parties responsible for payment of medical bills and medical record numbers.