Nurse fired after 528 patients' records breached at Glendale Adventist Medical Center

A health-care professional at Glendale Adventist Medical Center was fired Wednesday over a privacy breach involving hundreds of patient medical records.

Glendale Adventist officials said in a statement on Friday that the protected health information of 528 patients was accessed without authorization by a hospital employee. The unauthorized access included 88 patient records from Glendale Adventist's sister hospital, White Memorial Medical Center in Boyle Heights.


The breach was discovered during a routine security review in June and, after an investigation, the source was confirmed as an employee and not an external hack. The employee, who was terminated, was working as a per-diem nurse.

"Our patients are our top priority and privacy is a critical part of our commitment to patient care," hospital spokeswoman Alicia Gonzalez said in an email. "We sincerely apologize for any impact this incident may have on patients affected."

The hospital has since informed all the patients whom they suspect were affected by the breach with information about how to further protect themselves.

Because it is an ongoing investigation, Glendale Adventist could not confirm specific data that was accessed or for what purpose.

Officials have confirmed, however, that there is a possibility that data includes patient demographics and more sensitive clinical information such as name, date of birth, address, diagnosis and Social Security number.

The employee had limited clinical access and exceeded the employee's authorization when accessing the 528 medical files, Gonzalez said.

The privacy rule of the federal Health Insurance Portability and Accountability Act limits the disclosure of what health information can be revealed without a patient's permission. A person who violates the privacy rule may face fines of up to $50,000 and up to one year imprisonment.

"We take this breach very seriously, and as a result are taking additional steps to both ensure this event is resolved as well as ensuring these events don't happen in the future," according to a hospital statement.