Norfolk, Va.-based Sentara Health reported a lab privacy incident with a former remote employee earlier this year.
The health system is notifying patients who received lab tests between Jan. 13 and Jan. 28 that their data may have been wrongly viewed. In a notice posted on Sentara’s website, the health system said its lab services department hired a remote employee to process lab requisitions last December. But, questions about the individual’s identity arose a month later.
“In January, after a virtual meeting with the individual, the individual’s manager made Sentara’s Privacy Department aware of concerns related to the individual’s identity, including whether the individual with whom the manager had been interacting was the person initially hired,” according to the statement.
The individual was terminated and Sentara launched an investigation that found the individual’s activities were similar to those reported in a job-sharing scam. Within the scam, individuals are hired for a job and then “hire” others to do the work for a percentage of the pay, sharing job duties without the employer’s knowledge.
Sentara reported the individual’s access to patient information was consistent with their job, but the health system was unable to ensure whether the individual hired was the person accessing the information, which included patient names, addresses, birth dates, Social Security numbers and lab test results.
“We take our responsibility to safeguard personal information seriously and apologize for any concern this incident might cause,” the health system said in its statement. “We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls.”
