3-Year Jail Term for VA Employee Who Stole Patient Data

A former employee of the Veteran Affairs Medical Center in Long Beach, CA who stole the protected health information (PHI) of more than 1,000 patients has been sentenced to three years in jail.

Albert Torres, 51, was employed as a clerk in the Long Beach Health System-run medical center – a position he held for less than a year. Torres was pulled over by police officers on April 12 after a check of his license plates revealed an anomaly – plates had been used on a private vehicle, which were typically reserved for commercial vehicles.

The police officers found prescription medications which Torres’ did not have a prescription for and the Social Security numbers and other PHI of 14 patients in his vehicle. A subsequent search of Torres’ apartment revealed he had hard drives and zip drives containing the PHI of 1,030 patients and more than $1,000 in cleaning supplies that had been stolen from the hospital.

After pleading guilty to several crimes, including identity theft and grand theft, Torres was sentenced to three years in state penitentiary on June 4.

Sutter Health Fires Employees for Attempted PHI Access

An undisclosed number of employees of Sutter Health have been fired for accessing the medical records of patients without authorization.

CBS 13 Sacramento reported that an anonymous source had confirmed that Sutter Health had fired two employees for searching for the medical records of the suspected Golden State Killer, Joseph DeAngelo.

Following the news report from CBS 13, Sutter Health spokesperson Gary Zavoral issued a statement confirming action had been taken in response to the improper accessing of PHI, according to the Sacramento Business Journal.

While Zavoral did not confirm the number of employees that had been terminated, nor the patient or patients whose medical records were accessed, he did confirm that the employees concerned had been terminated.

Sutter Health has a system in place that generates alerts when employees access medical records without authorization. When improper access is detected, it usually results in termination.

In addition to firing the employees concerned, Sutter Health has reminded all staff that the accessing of medical records is only permitted when there is a legitimate work reason for doing so. The person or persons whose medical records were accessed are being notified of the privacy breach.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.