The VCU Health System notified about 2,700 people last week that their, or their minor child’s, electronic medical records were “inappropriately accessed over a three-year period”, according to a March 10 university statement.
According to the university, the breach was detected on Jan. 10 when an “unusual pattern of accessing electronic medical records” was detected.
“I wouldn’t speculate on potential motives but would like to reaffirm that the investigation indicated the electronic medical records were viewed without malicious intent and no information was inappropriately used,” said Michael Porter, associate vice president for public affairs at VCU, in an email.
Information that may have been viewed includes the patient’s name, home address, date of birth, medical record number, health care provider, visit dates, health insurance information and other similar medical information. Social security numbers may have also been viewed.
Access to such files is provided to VCUHS’ partner practices and physicians throughout Richmond; these partners are not employed by the university.
In an investigation following the breach, university officials learned the unauthorized access was conducted independently by employees of certain community physician groups and “an employee of a contracted vendor.” As a result, these employees have been terminated.
Porter said the university is not authorized to release the names of these organizations or employees.
VCUHS has since instituted new “safeguards” to prevent further access into patients’ medical records.
“In order to minimize inappropriate access to data, VCUHS has internal controls in place to proactively detect inappropriate access,” Porter said. “To the extent that any inappropriate access is detected follows internal protocols and process, which are consistent with regulatory requirements and industry standards for reporting and handling.”
Following last week’s breach, Porter said similar matters at the university “have been rare,” however this is not the first time private information has been accessed at VCU.
In November 2011, the VCU community was warned of a potential breach in informational security. A server containing the personal information of 176,567 current and former members of the university had been hacked, but the risk of stolen or compromised information was low.
The server contained contact information, social security numbers, phone numbers and other forms of personal identification.
Maura is a senior pursuing degrees in cinema and mass communications. This is her second year at the CT; prior to joining transferring to VCU, Maura was the news editor for two years at Virginia Tech’s student newspaper, the Collegiate Times. Maura has been published in USA TODAY, Elite Daily and other online publications. Her ideal job would involve combining investigative journalism and film. If all else fails, hopefully The Onion will be hiring.
Twitter | Facebook | LinkedIn | Portfolio | email@example.com