Employees breach more than 3,000 records at Nashville medical center

A Nashville medical center notified more than 3,000 individuals of a breach of protected health information (PHI), The Tennessean reported February 24.

Two patient transporters at Vanderbilt University Medical Center (VUMC) inappropriately accessed the PHI of 3,247 individuals, including adult and pediatric patients, between May 2015 and December 2016, according to The Tennessean. Information affected by the breach included names, birth dates, and medical record identification numbers. In addition, one employee was able to access the Social Security numbers of several patients. The breach was discovered during an audit of electronic health records (EHR) conducted by VUMC’s privacy office.

VUMC took disciplinary action against the employees but did not disclose details on the nature of the action, The Tennessean said.

VUMC is offering one year of free credit monitoring services to patients whose Social Security numbers were accessed. There is currently no evidence that the employees downloaded, copied, or used the information they accessed.

VUMC made adjustments to information access settings in response to the breach. Patient transport staff no longer have access to EHRs and staff were retrained about access to information policies and regulations.