SSM Health reports privacy breach of St. Louis area medical records
A former SSM Health employee inappropriately accessed patient medical records between Feb. 13 and Oct. 20, the company reports.
The employee worked in the customer service call center and had access to records for 29,000 patients, across several states.
However, the company believes the focus of the illegal activities involved medical records of a small number of patients with a controlled substance prescription and a primary care physician within the St. Louis area. This is considered a privacy breach under the federal Health Insurance Portability and Accountability Act (HIPAA).
The former employee did not have access to financial information, including credit or debit card numbers.
SSM Health is a Catholic, not-for-profit health system serving Illinois, Missouri, Oklahoma and Wisconsin. The organization launched an internal investigation after learning of the incident Oct. 30, according to a company statement.
The company is notifying all 29,000 patients whose records were accessed by the individual, even if the access may have been for legitimate job functions.
SSM Health reported the incident to the Office for Civil Rights and local law enforcement.
The organization is taking immediate corrective action, including requiring an additional identifier when patients request prescription refills from the call center, reviewing internal policies and procedures and strengthening employee access monitoring tools.
SSM Health will provide identity theft protection at no charge to affected patients upon their request.
SSM Health patients who feel they may have been impacted, but do not receive a notification, should call toll-free 888-710-9205.