Snooping patient transport staff cause Vanderbilt breach
In late December, executives at Vanderbilt University Medical Center learned that two employees in the patient transport department were inappropriately accessing patients’ electronic medical records, obtaining more information than they needed to do their jobs, according to the hospital.
An audit found that the activity had been going on for 20 months with 3,247 patients affected. For a smaller but undisclosed number of patients, their Social Security numbers were viewed.
The university does not believe information was printed, forwarded or downloaded, and so far there is no indication that personal patient information was used in any way, a spokesman says.
Patients are being notified and given information on how to review account statements and their credit status. Patients whose Social Security numbers were accessed are being automatically enrolled for one year of credit monitoring and identity protection services from Experian. Also, other patients that request protective services will get it.
“We take the responsibility to protect the privacy of our patients very seriously and are doing all that we can do to address this issue,” Howser says. “We have implemented alternative procedures for patient transport staff to obtain the information they need for their jobs in a way that no longer includes access to patients’ electronic medical records.”
Disciplinary action was taken with the two employees, and other transport employees have been retrained on appropriate access to patient information, according to the hospital.