Consequences of Veteran Affairs and Sutter Health HIPAA Breaches Revealed

by | Jun 19, 2018

A former member of staff at the Veteran Affairs Medical Center located in Long Beach, CA who illegally stole the protected health information (PHI) of over 1,000 patients has been given a three-year jail sentence.

Albert Torres, 51, was working as a clerk in the Long Beach Health System-run medical clinic – a role he held for less than 12 months. Torres was stopped over by police officers on April 12 after a review of his license plates showed a discrepancy – plates had been used on a private vehicle, which were normally reserved for commercial vehicles.

The police officers discovered prescription medications which Torres’ did not have a valid prescription for and the Social Security numbers and other PHI of 14 patients in his car. A search of Torres’ home showed he had hard drives and zip drives storing the PHI of 1,030 patients and more than $1,000 in cleaning supplies that had been illegally taken from the hospital.

After enter a guilty plea to several crimes, including identity theft and grand theft, Torres was given a three-years sentence in state penitentiary on June 4.

Meanwhile an undisclosed number of staff members of Sutter Health have had their employment terminated for accessing the medical records of patients without official permission.

CBS 13 Sacramento revealed that an anonymous source had advised them that Sutter Health had sacked two members of staff for searching for the medical histories of the suspected Golden State Killer, Joseph DeAngelo.

In the aftermath of the news report broadcast by CBS 13, Sutter Health spokesperson Gary Zavoral released a statement confirming action had been taken in response to the improper viewing of PHI, according to the Sacramento Business Journal.

While Zavoral did not reveal the number of employees that had been fired, nor the patient or patients whose medical records were taken, he did confirm that the employees guilty of the misdeameanour had been terminated.

Sutter Health has a process in place that generates alerts when workers view medical records without authorization. When improper access is discovered, it usually results in sacking.

Along with firing the guilty employees, Sutter Health has reminded all employees that the accessing of medical records is only allowable when there is a legitimate work reason for doing so. The individual(s) whose medical records were obtained  are being made aware of the privacy breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy