Oregon Police, ProMedica Health System officials to discuss results of data breach investigation

Oregon Police and ProMedica Health System officials plan to hold a joint news conference Friday to discuss results of a criminal investigation into a breach of nearly 600 patient records at Bay Park Hospital.

Police Chief Mike Navarre launched the investigation on May 30 after Bay Park officials informed the public that an employee accessed nearly 594 patient records between April 1, 2013, and April 1, 2014, and that the person responsible was not directly treating the patients.

It was later revealed by police and ProMedica officials that the employee was a woman who was employed as respiratory therapist at the hospital. ProMedica officials said the woman gave contradictory accounts as to why she compromised the patients’‍ records, then quit and walked out of a meeting at which hospital officials questioned her about the incident.

“Based on our records, we don’t believe the information accessed by the employee contained any financial information, including Social Security numbers, or that the employee intended to retain any viewed information,” hospital officials said last month.

When Chief Navarre learned about the data breach from news media, he contacted hospital officials and then decided to begin a criminal investigation.

“Based on what I was told today, I think it warrants a criminal investigation that will determine what laws were broken,” he said last month.

The hospital sent letters to individuals whose records were compromised and offered to pay for identity-theft protection services for those affected for up to a year.

In similar cases of hospital-data breaches, people responsible have faced federal criminal prosecution for identity theft and privacy-law violations.

In 2012 an employee who accessed personal patient information at Northwestern Memorial Hospital in Chicago was charged with identity theft. In 2011, a former employee of the University of Pittsburgh Medical Center Shadyside, near Pittsburgh, pleaded guilty to violating the Health Insurance Portability and Accountability Act after stealing patients’‍ personal information.

ProMedica officials said the incident was also reported the U.S.Department of Health and Human Services. A spokesperson for the HHS Department of Civil Rights said the federal investigation into possible violations of the Health Insurance Portability and Accountability Act (HIPAA) could take years to complete.