District health board general manager governance and quality/privacy officer Gail Bingham said the staff member committed "serious misconduct", resulting in termination of their employment.
Ms Bingham would not comment on the staff member's name or the department they worked in.
"Unfortunately a trusted employee with employment-related access to clinical records has chosen to abuse their position and access the system for their own purposes."
Until the investigation was completed no specific charges of serious misconduct could be made and the staff member continued in their work during that time, Ms Bingham said.
"However her access was closely monitored during this period to ensure her access to clinical records was for legitimate work purposes only."
In the review the board matched every access to clinical records the individual had in her role against those patients' attendance at/or admission to hospital. The investigation identified 48 breaches and the board is satisfied no further breaches occurred, Ms Bingham said.
A patient who received a letter last month informing her of the breach said she still had questions about what had occurred.
"It was like we're investigating a breach of privacy, have a nice day'. I was just like 'what the heck'. Why would this person want to access my medical files? I don't know what she's looking at."
She said the breaches could be traumatic for vulnerable patients.
A district health board employee said she was concerned the board failed to respond appropriately to the breaches.
"In that four-and-a-half months she was still there at her computer. She could have still been delving into files," the source said.
"We don't know why she did it but she had a huge mouth."
The source said the woman brought up patients' details in conversations.
This raised concern among other employees about the type of information the staff member had access to and management was informed.
"It's just not fair," the source said.
"Too many people were affected and why should everyone else be under suspicion?"
The source did not want to be identified for fear of losing her job but felt upset enough to speak out.
"I really think it needs to be brought out into the open. I think they need to say sorry."
The letter sent to victims apologised for the breaches, saying the staff member breached both the Privacy Code and the Bay of Plenty District Health Board's own policy.