UC Irvine Medical Center said 4,859 patients are being notified of a data breach involving their sensitive medical information.
The hospital said it discovered in March that an employee improperly accessed information including patient names, dates of birth, addresses, diagnoses, medical tests and prescriptions.
The hospital worker, without permission, also looked at patients' employment status and health plan information. This breach occurred from June 2011 to March 2015.
John Murray, a hospital spokesman, said it doesn't appear the employee accessed or distributed Social Security numbers or debit or credit card information.
The hospital said it hired outside experts in computer forensics to analyze the employee's hard drive and email.
"Their investigation has found no evidence that this employee removed any patient information," Murray said.
UC Irvine said it notified state health officials about the breach and reported the incident to the university's police department. Murray said police are conducting an ongoing criminal investigation.
The hospital said the employee was disciplined, but further details on the person's current employment status there weren't immediately available.
The medical center sent letters this week to the affected patients and offered them one year of free credit monitoring and identity theft protection. For more information, consumers can call (888) 653-6036.
UC Irvine said it "regrets any inconvenience, stress or worry this news may have caused our patients. Our goal is to ensure the privacy of patients' personal information."