Nashville, Tenn.-based Vanderbilt University Medical Center is notifying 3,247 patients that their medical information was accessed by unauthorized individuals, according to The Tennessean.
Between May 2015 and December 2016, two VUMC patient transporters accessed information from VUMC patients' electronic medical records, including names, birthdates, medical record identification numbers and some Social Security numbers.
"To our knowledge, the information the employees viewed was not printed, forwarded or downloaded," said VUMC Chief Communications Officer John Howser in a statement. "So far, we have no reason to believe that our patients' personal information has been used or disclosed in other ways. While we are not aware of any risk of financial harm to these patients, we are contacting each of them by letter to recommend that they vigilantly review account statements and their credit status."
VUMC has reported the breach to HHS. VUMC will offer credit monitoring services to patients whose Social Security numbers were accessed.
*Editor's note: This article previously stated the breach occurred during Vanderbilt UMC's Epic EHR implementation. However, the breach occurred between May 2015 and December 2016. The hospital is currently migrating its EHR to an Epic system, although a spokesperson for VUMC said the migration and breach are unrelated events.