Employees fired after medical records of VCU Health patients accessed

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

RICHMOND, Va. –The electronic medical records of 2,700 individuals or their children were improperly accessed, according to VCU Health System, who said there is no indication that the private health information has been or will be used for any unintended purposes. Several employees who partner with VCU Health System have been fired for accessing the records “without legitimate business reason.”

The breach occurred over a three-year period, between Jan. 3, 2014 and Jan. 10, 2017.

Information that may have been viewed includes the patient’s full name, home address, date of birth, medical record number, healthcare provider, visit dates, health insurance information and other medical information. In some instances, social security numbers also could have been viewed.

VCU Health System became aware of the incidents on Jan. 10, 2017, when an unusual pattern of accessing electronic medical records was detected.

Physicians in the community (not employed by the VCU Health System) have access to view the medical records of their patients who are referred to the VCU Health System for medical care and treatment. Access also is provided to certain contracted vendors, according to Mike Porter, with University Public Affairs.

Employees of some community physician groups and an employee of a contracted vendor accessed, without legitimate business reasons, information about services patients received at the VCU Health System, Porter said.

The respective employers terminated those employees

In addition, the VCU Health System has instituted new safeguards to prevent inappropriate access to the electronic medical record system, Porter said.

The electronic medical records were viewed without malicious intent and no information was inappropriately used, according to the investigation.

The VCU Health System is staffing a toll-free response line for patient questions at 844-308-6636. The health system also is providing one year of free credit monitoring and identity theft protection services to assist patients whose social security numbers were viewable. Instructions have been provided to all patients for placing a fraud alert, freezing a credit file, obtaining a free credit report and protecting health information.

**Editor’s note. The earlier version of this article stated only the records of children patients were accessed. **