Consequences of Veteran Affairs and Sutter Health HIPAA Breaches Revealed

A former member of staff at the Veteran Affairs Medical Center located in Long Beach, CA who illegally stole the protected health information (PHI) of over 1,000 patients has been given a three-year jail sentence.

Albert Torres, 51, was working as a clerk in the Long Beach Health System-run medical clinic – a role he held for less than 12 months. Torres was stopped over by police officers on April 12 after a review of his license plates showed a discrepancy – plates had been used on a private vehicle, which were normally reserved for commercial vehicles.

The police officers discovered prescription medications which Torres’ did not have a valid prescription for and the Social Security numbers and other PHI of 14 patients in his car. A search of Torres’ home showed he had hard drives and zip drives storing the PHI of 1,030 patients and more than $1,000 in cleaning supplies that had been illegally taken from the hospital.

After enter a guilty plea to several crimes, including identity theft and grand theft, Torres was given a three-years sentence in state penitentiary on June 4.

Meanwhile an undisclosed number of staff members of Sutter Health have had their employment terminated for accessing the medical records of patients without official permission.

CBS 13 Sacramento revealed that an anonymous source had advised them that Sutter Health had sacked two members of staff for searching for the medical histories of the suspected Golden State Killer, Joseph DeAngelo.

In the aftermath of the news report broadcast by CBS 13, Sutter Health spokesperson Gary Zavoral released a statement confirming action had been taken in response to the improper viewing of PHI, according to the Sacramento Business Journal.

While Zavoral did not reveal the number of employees that had been fired, nor the patient or patients whose medical records were taken, he did confirm that the employees guilty of the misdeameanour had been terminated.

Sutter Health has a process in place that generates alerts when workers view medical records without authorization. When improper access is discovered, it usually results in sacking.

Along with firing the guilty employees, Sutter Health has reminded all employees that the accessing of medical records is only allowable when there is a legitimate work reason for doing so. The individual(s) whose medical records were obtained  are being made aware of the privacy breach.