Patient information at Vanderbilt University Medical Center, including medical records, has been "inappropriately" accessed.
Hospital officials announced in a press release Friday that they learned of the breach on Dec. 27, 2016.
Employees working as patient transporters were accessing patients’ electronic medical records in an unauthorized manner by going beyond the scope of the information needed to fulfill their work-related responsibilities.
VUMC then conducted a full audit of the records accessed between May 2015 and December 2016.
They found that two employees viewed, without authorization, information on adult and pediatric patients, including patients’ names, dates of birth, medical record numbers used for internal record keeping, and clinical information. In a limited number of instances, one employee was able to view patients’ social security numbers.
“We are committed to providing our patients the highest quality care and protecting the confidentiality of their personal information. To our knowledge, the information the employees viewed was not printed, forwarded or downloaded. So far, we have no reason to believe that our patients’ personal information has been used or disclosed in other ways,” said John Howser, Chief Communications Officer for VUMC. “While we are not aware of any risk of financial harm to these patients, we are contacting each of them by letter to recommend that they vigilantly review account statements and their credit status.
“Out of an abundance of caution, we are also offering patients whose social security information was accessed a free one-year membership for Experian Family Secure credit monitoring. This product helps detect possible misuse of personal information and provides identity protection services focused on immediate identification and resolution of identity theft,” he said.
Enrollment in Experian’s Family Secure will not affect an enrollee’s credit score. If at any time patients who are notified by letter would like information about obtaining a credit report or activating the free credit monitoring service, they will be able to seek assistance by calling 1-844-856-9324. In addition, the Identity Theft Resource Center (ITRC) is a national resource that provides guides for preventing and managing identity theft at www.idtheftcenter.org.
“We take the responsibility to protect the privacy of our patients very seriously and are doing all that we can do to address this issue. We have implemented alternative procedures for patient transport staff to obtain the information they need for their jobs in a way that no longer includes access to patients’ electronic medical records. In addition, appropriate disciplinary action was taken with the employees involved in this incident. Employees from the department involved have been retrained on appropriate access to patient information,” Howser said.