Substitute Notice of Unauthorized Access to Personal Health Information
December 6, 2022
UC Davis Health is committed to maintaining the privacy and security of our patients’ health information. For this reason, it is important to us to notify affected patients of a recent privacy event involving unauthorized access to health information.
As part of UC Davis Health’s Privacy Program, we routinely monitor and review access to our patients’ Electronic Medical Records (EMR). On August 5, 2022, we determined that a UC Davis Health employee accessed EMRs without a work purpose between November 2, 2017, and July 18, 2022. The employee accessed demographic information including names, dates of birth, medical record numbers, addresses, and phone numbers, and clinical information contained in medical records. No financial or billing information was accessed and Social Security numbers were not viewed. We do not believe that the intent of this access was to obtain financial information, and we have no evidence that any information was removed from the records or shared with anyone else.
We reviewed this incident and are taking appropriate corrective action including reporting the breach both internally and externally to mitigate risk to affected patients and prevent similar future events. Affected patients were notified by first class mail between August 23, 2022, and August 25, 2022. As of the date of this posting, this notice serves as substitute notification for 22 patients UC Davis Health has been unable to reach out of the 408 total patients UC Davis Health is notifying due to this incident.
UC Davis Health is committed to providing quality care, which includes protecting your personal information. We sincerely apologize for this unauthorized access and any inconvenience it may cause. Your confidence in our ability to safeguard your personal information is especially important to us. Should you have any questions or concerns regarding this matter, please call UC Davis Health at 844-850-0076 and reference engagement number B081262, or email us at firstname.lastname@example.org.
Privacy Program Compliance and Privacy Services Department