Yakima (Wash.) Valley Memorial Hospital has agreed to pay $240,000 to resolve data privacy allegations after 23 security guards allegedly looked through patient medical records without a job-related purpose, according to a July 31 report from Medscape.
The emergency department guards allegedly used login credentials to access the medical records of 419 patients.
Information accessed included names, birthdays, medical record numbers, addresses, treatment notes and insurance information. The U.S. Department of Health & Human Services' Office for Civil Rights initiated an investigation after a breach notification report alerted the agency to the illegal snooping.
OCR will monitor the Yakima system for two years, and the hospital was ordered to conduct a risk analysis and develop a risk management plan.
Yakima Valley did not respond to requests for comment.