UC Davis Health updated its website on Dec. 6 with a “Substitute Notice of Unauthorized Access to Personal Health Information.” According to the notice, on Aug. 5, 2022, the organization concluded that a UC Davis Health employee accessed electronic medical records (EMRs) without a work purpose between November 2, 2017, and July 18, 2022.
The notice says that “The employee accessed demographic information including names, dates of birth, medical record numbers, addresses, and phone numbers, and clinical information contained in medical records. No financial or billing information was accessed and Social Security numbers were not viewed.”
UC Davis Health, according to the notice, does not believe that the EMRs were accessed to obtain financial information. Additionally, the health system says that there is no evidence that any information was removed from the records or shared with other parties.
“We reviewed this incident and are taking appropriate corrective action including reporting the breach both internally and externally to mitigate risk to affected patients and prevent similar future events,” the notice comments.
The patients that were affected were sent letters via first class mail between Aug. 23 and Aug. 25. As of Dec. 6, there are 22 patients that UC Davis Health was not able to reach and the notice on its website serves as substitute notification. A total of 408 individuals were affected by this incident.
