UnityPoint Health-Allen Hospital in Waterloo, Iowa, reported that patient information was exposed by a worker over a seven year period.
The hospital is notifying about1,620 patients that their personal information was inappropriately accessed by a now former employee.
The staffer was authorized to access patient information, but in this case she also viewed electronic medical records of patients outside the scope of her job, according to the Waterloo Cedar Falls Courier.
Names, addresses, dates of birth, medical and health insurance account numbers, social security numbers, and information related to treatment were accessed between September 2009 and March 2016, according to the publication.
Hospital staff detected the access to the medical records on March 14, 2016 and has since disabled the employee's account, took disciplinary action, and reported the incident to the U.S. Department of Health and Human Services.
Those affected are being notified and will be offered a year of identity fraud protection.
