Healthcare job applicants given real patient data for practice
Healthcare and Public Health // California, United States
Rady Children's Hospital employees mistakenly provided files on more than 14,000 individuals to several prospective personnel.
The files were sent as training material to evaluate the job applicants’ skills.
“The information breach was the result of human error, and the hospital’s computers systems were never compromised,” officials told Fox 5.
The file sent to four job applicants was a spreadsheet containing data on 14,121 patients, including names, dates of birth, primary diagnoses, admit/discharge dates, medical record numbers, and other information such as insurance carrier and claim information.
It did not contain Social Security, insurance or credit card numbers, street addresses, or parent and guardian names.
One of the applicants had forwarded the file to two other people. The hospital hired security specialists to verify that the files had been deleted from all the recipients’ computers and digital devices.
The hospital notified all patients listed they could by telephone and sent out letters explaining the breach to everyone on June 16.
The incident prompted an internal review that led to the discovery of a similar breach in 2012, in which less detailed information about more than 6,000 patients was accidentally sent to job applicants.
From now on, hospital officials say they will use commercial testing programs to evaluate job candidates only onsite.