Two employees in the patient transport department of Vanderbelt University Medical Center accessed patient data.

How many victims? 3,247 patients.

What type of information? Names, birthdates, medical record identification numbers and some Social Security numbers.

What happened? During an audit of Nashville-based Vanderbilt University Medical Center, executives learned that two employees had inappropriately been viewing patient records between May 2015 and December 2016. While a spokesperson said that patients’ electronic medical records were viewed, it is believed that none of the records were printed or shared.

What was the response? Notices are being sent to those affected with information on how to review account statements and credit status. Those whose SSN was accessed were automatically enrolled for one year of credit monitoring and identity protection services. The two employees accused of viewing the records were disciplined, and colleagues received further training on correct use of records.

Quote: “We have implemented alternative procedures for patient transport staff to obtain the information they need for their jobs in a way that no longer includes access to patients’ electronic medical records.” –John Howser, chief communications officer, VUMC

Sources: Becker’s Health IT & CIO Review