The Daniel Drake Center (DDC) for Post-Acute Care, which is part of the University of California’s health system, reported patient information was accessed and viewed by an unauthorized employee over a two-year period.
How many victims? 4,721
What type of information? The information that may have been viewed included the patients’ names, addresses, birthdate, medical record numbers, diagnosis/condition, lab results, treatment, and medication information. The patients’ full Social Security numbers were not included with the information.
What happened? Between July 29, 2015 and June 2, 2017 a DDC employee accessed and viewed some patient records without authorization.
What was the response? The employee was fired and starting on August 1, 2017 the DDC began emailing those affected to let them know their medical records had been accessed. The health facility is offering one year of credit monitoring to the victims and has implemented additional internal controls to proactively monitor access to electronic medical records. Also, additional training is being conducted to instruct its staff regarding appropriate access to such records.
Quote: “DDC sincerely regrets any inconvenience or concern this may cause for patients.”