On May 18, 2015, an access audit revealed that the covered entity's (CE) employee accessed patients electronic medical records beyond the orbit of authorized access and assigned job responsibilities. The CE discovered that the unauthorized access dated backrest to 2009. The hack affected approximately 601 individuals and the types of protected health information (PHI) involved in the cut included patients' diagnoses and medical conditions. The ce provided cut notification to HHS, affected individuals, and the media. During OCRs investigation, the ce retrained the revenue department in its Red wing SE Minnesota Region on its privacy rules. OCR obtained written assurances that the CE implemented the corrective activity steps listed above. Location of hacked information: Electronic Medical record concern associate present: no