[BreachExchange] Sutter Health employees fired after inappropriately accessing medical records

[Inga Goddijn]

https://www.beckershospitalreview.com/healthcare-information-technology/sutter-health-employees-fired-after-inappropriately-accessing-medical-records

Sacramento, Calif.-based Sutter Health reportedly fired two employees after
they allegedly inappropriately accessed medical records, according to *CBS13
Sacramento
<http://sacramento.cbslocal.com/2018/06/12/sutter-health-medical-records-firings/>*
.

An undisclosed source told *CBS13* *Sacramento* the employees were
terminated for looking into the medical records of Joseph DeAngelo, who
police suspect to be the Golden State Killer, according to the report.

A Sutter Health spokesperson did not confirm to *CBS13 **Sacramento* the
identities of the terminated employees or whose medical records had been
accessed. However, the spokesperson did confirm the health system's privacy
monitoring technology had detected inappropriate access, and confirmed some
employees had been fired.

Liz Madison, a spokesperson for Sutter Health, told *Becker's Hospital
Review* in a statement June 14, "At Sutter Health, we take the safety of
our patients’ information very seriously. We have made significant
investments over the past several years to protect our patients’
information including putting sophisticated monitoring tools in place to
identify inappropriate accesses to medical records.While I cannot confirm
specific patient identities, I can confirm that our privacy auditing and
monitoring technology recently detected inappropriate access, and the
individuals involved are no longer employed by Sutter Health."

"Following their termination, we reminded all employees of our zero
tolerance policy and our shared responsibility to protect the safety of our
patients, which includes only accessing patient information with a
legitimate business reason. We spend many hours training our workforce on
the importance of privacy and information security including inappropriate
access. We value our patients trust, and any other access is unacceptable
and will not be tolerated. Additionally, we are in the process of notifying
the affected patients and regulators. Protecting the safety of our
patients, which includes protecting the security of their information, is
an essential part of delivering on our mission to provide exceptional,
personalized and compassionate care."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180618/c75ebb34/attachment.html>