Long Beach, Calif.-based Tibor Rubin VA Medical Center employees transferred more than 100 patients' private health information via personal and unsecured text messages, email accounts and flash drives between 2013 and 2017, Press-Telegram reports.
The medical center's gastroenterology staff used the personal accounts to share patient information because of an incompatibility between Tibor Rubin VA Medical Center' EHR software and an esophagus diagnostic tool, according to a July 31 report conducted by the Veterans Administration's Office of the Inspector General, the publication reports.
Because of the unsecured transfer methods, 133 patients' records were potentially exposed to outside parties. After reviewing the communications between the gastroenterologist and his staff, OIG found 99 percent of emails and 91.7 percent of text messages comprised sensitive information, such as full and partial Social Security numbers.
OIG did not find any evidence that the patients' data was compromised due to the unsecure transfers, which began in 2013 following Tibor Rubin VA Medical Center's upgrade to a Windows 7 operating system. The issue was not fixed until 2017.
A spokesperson for Tibor Rubin VA Medical Center did not return Press-Telegram's comment requests. OIG issued six recommendations to support privacy policies at the facility, which the center's medical director agreed with, the publication reports.