Updated: 10/27/2013 12:01 PM
Created: 10/25/2013 7:44 PM KSTP.com
By: Stephen Tellier
A medical assistant at the Allina Health Inver Grove Heights clinic has been fired, after the company said the employee looked at more than 3,800 patient records from several clinics.
Letters have been mailed to those affected patients, but they won't be received until next week. So many patients will spend the weekend wondering.
Unfortunately, little Eli is kind of a regular at the clinic, and he was back again on Friday.
"To check for an ear infection. We bring him here a lot," said Jennifer Kaczrowski, Eli's mother, with a laugh.
But it was only upon leaving the clinic that Kaczrowski learned what happened.
"It's scary because we bring him here a lot and he's got his information on file, and you know, I don't want his information out there for other people to get," Kaczrowski said.
Allina Health confirmed the breach late Friday afternoon, releasing a statement saying, "Allina Health determined that this employee had accessed the records of patients between February 2010 and September 2013 without authorization. This employee had access to demographic information, clinical information, health insurance information and the last four digits of social security numbers."
It continued, "... there is no evidence to suggest this information is being used for financial gain."
"Why would you take it if you weren't going to do something with it?" Kaczrowski said.
Letters are in the mail for affected patients.
"It would be nice to get a letter either way so you know that there's that potential," Kaczrowski said.
Allina's president and chief clinical officer, Penny Wheeler, said, "We take patient privacy very seriously and we have zero tolerance for unnecessary and unauthorized access to patient information."
But questions remain for at least one patient.
"You never know how many other times it happened or if they really got more than they think they did," Kaczrowski said.
Allina said it has arranged for all patients who had their records accessed to receive identity monitoring services at no cost. It also said it's evaluating its policies and examining its computer security programs in the wake of this incident.