Employees at Vanderbilt University Medical Center “inappropriately accessed” the electronic records of patients in an unauthorized manner, according to hospital officials.
The employees were reportedly working as patient transporters when the hospital says they went beyond the scope of the information needed to fulfill their responsibilities.
Officials said they became aware of the situation on Dec. 27, 2016.
Spokeswoman Kristin Smart said in a press release all patients whose records were accessed will be notified through a letter from the hospital with information on who to contact for questions or assistance.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
After the discovery was made, Vanderbilt’s Privacy Office reportedly completed an audit of electronic medical records accessed by those employees between May 2015 and December 2016.
Two employees viewed unauthorized information of adult and pediatric patients, the audit found.
The information they accessed included patients’ names, dates of birth, medical numbers for internal record-keeping, and clinical information.
The hospital says in a limited number of instances one employee was able to view patients’ social security numbers.
Below is a statement from John Howser, Chief Communications Officer for Vanderbilt University Medical Center:
We are committed to providing our patients the highest quality care and protecting the confidentiality of their personal information. To our knowledge, the information the employees viewed was not printed, forwarded or downloaded. So far, we have no reason to believe that our patients’ personal information has been used or disclosed in other ways.
While we are not aware of any risk of financial harm to these patients, we are contacting each of them by letter to recommend that they vigilantly review account statements and their credit status.
Out of an abundance of caution, we are also offering patients whose social security information was accessed a free one-year membership for Experian Family Secure credit monitoring. This product helps detect possible misuse of personal information and provides identity protection services focused on immediate identification and resolution of identity theft.
Howser noted the hospital has implemented “alternative procedures” for patient transport staff to get the information they need for their jobs. Those new procedures reportedly no longer include access to patients’ electronic medical records.
“In addition, appropriate disciplinary action was taken with the employees involved in this incident. Employees from the department involved have been retrained on appropriate access to patient information,” Howser said.
Date:February 24, 2017