Kaufman, Texas-based Children’s Medical Clinics of East Texas has notified families of patients that an employee improperly accessed patient health information, according to a breach notification letter posted on the clinic’s website.
According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) breach portal website, the incident potentially affected 16,000 patients.
Children’s Medical Clinic discovered that an employee took business documents home from the office and did not return them and the clinic filed a police report by Aug. 10, the breach notification letter, written by the law firm Shaw & Associates, stated. The incident was reported to OCR on Oct. 28.
After searching medical record logs, the clinic learned that the employee improperly access patient health information (PHI) by logging into patient records and providing screenshots of patient records to an identified third party, the clinical said in the breach letter.
“This third party, who was a disgruntled ex-employee, appears to have a retaliatory agenda against the clinic. The employee has been terminated,” the clinic stated.
There is the potential for a privacy breach regarding improper access of records that contained confidential information such as name, date of birth and PHI including diagnosis and treatment.
“We believe the employee engaged in these behaviors due to the likely retaliatory agenda stated above and not with any intent to harm patients. However, there is no way to narrow down which records were improperly accessed,” according to the statement.
The breach notification letter also states that credit monitoring services may be offered to any patients affected and urged families of patients to register fraud alert with the three credit bureaus, monitor their accounts closely and contact the local Consumer Protection Agency.