Consequences of Veteran Affairs and Sutter Health HIPAA Breaches Revealed

by Ryan Coyne | Jun 19, 2018

A former member of staff at the Veteran Affairs Medical Center located in Long Beach, CA who illegally stole the protected health information (PHI) of over 1,000 patients has been given a three-year jail sentence.

Albert Torres, 51, was working as a clerk in the Long Beach Health System-run medical clinic – a role he held for less than 12 months. Torres was stopped over by police officers on April 12 after a review of his license plates showed a discrepancy – plates had been used on a private vehicle, which were normally reserved for commercial vehicles.

The police officers discovered prescription medications which Torres’ did not have a valid prescription for and the Social Security numbers and other PHI of 14 patients in his car. A search of Torres’ home showed he had hard drives and zip drives storing the PHI of 1,030 patients and more than $1,000 in cleaning supplies that had been illegally taken from the hospital.

After enter a guilty plea to several crimes, including identity theft and grand theft, Torres was given a three-years sentence in state penitentiary on June 4.

Meanwhile an undisclosed number of staff members of Sutter Health have had their employment terminated for accessing the medical records of patients without official permission.

CBS 13 Sacramento revealed that an anonymous source had advised them that Sutter Health had sacked two members of staff for searching for the medical histories of the suspected Golden State Killer, Joseph DeAngelo.

In the aftermath of the news report broadcast by CBS 13, Sutter Health spokesperson Gary Zavoral released a statement confirming action had been taken in response to the improper viewing of PHI, according to the Sacramento Business Journal.

While Zavoral did not reveal the number of employees that had been fired, nor the patient or patients whose medical records were taken, he did confirm that the employees guilty of the misdeameanour had been terminated.

Sutter Health has a process in place that generates alerts when workers view medical records without authorization. When improper access is discovered, it usually results in sacking.

Along with firing the guilty employees, Sutter Health has reminded all employees that the accessing of medical records is only allowable when there is a legitimate work reason for doing so. The individual(s) whose medical records were obtained are being made aware of the privacy breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter