MU Health Care warns of data breach; more than 700 medical records accessed by employee

COLUMBIA, Mo. (KMIZ)

MU Health Care posted on its website that an employee accessed health information in the electronic medical record “inappropriately.”

MU Health said it learned about the incident on March 20. It said an investigation revealed the employee used EMR to access 736 medical records from July 2021-March 2023 without a verified HIPAA purpose.

MU Health claims data may have contained patient information including name, date of birth, medical record number, and limited treatment and/or clinical information, such as diagnostic and/or procedure information.

"I think it's important that we stress that we know that this occurred," MU Health spokesperson Eric Maze said. "But we don't have any indication that the information that was accessed was misused or re-disclosed."

According to MU Health, notification letters will be sent via mail to patients whose information may have been accessed.

The hospital is following policies and procedures to ensure another privacy breach doesn't happen in the future, Maze added. Additionally, Maze said MU Health is using workforce education to train appropriate access to patient information.

Because of personnel matters, Maze was unable to add the position of the worker and if they are still employed with the hospital. It's unclear if a criminal investigation will follow, but that decision could be released in the upcoming days, according to the spokesman.

For more information, call MU Health Care’s Privacy Office at 888-850-2357.