The hospital records of approximately 6,500 patients were removed without authorization from the premises of Tri-City Medical Center in Oceanside on Aug. 8, the hospital announced.
A former employee took logs from the Emergency Department of patients who had been admitted to the hospital or transferred to other facilities between Dec. 1, 2013 and May 13, 2014. The records included: patients’ names, dates of birth, admitting physician, medical record number, diagnosis and admit date and time. The records, however, did not include Social Security numbers or financial information.
The records were on the lower shelf of a cart used to transport personal belongings from the former employee’s office, according to U-T San Diego. It was an accidental removal and the employee notified a member of Tri-City’s Governance Committee of the incident shortly after he discovered the files had been loaded into his vehicle, the U-T reported. The committee member advised the employee to turn the records over to the health department so it would not look like there was a cover up, according to the U-T.
The hospital reported the incident to the police and notified patients who may be at risk, although there is no indication that the personal information has been used in any way so far.
Earlier this summer, Rady Children’s Hospital dealt with a similar data breach in which the records of more than 14,000 patients were mistakenly sent out to job applicants. The records in that case also did not contain Social Security numbers or financial information, but did include names, medical records, and insurance information.
