Employee Guilty of PHI Theft Jailed: Snooping Employees Fired

An ex-employee of Veteran Affairs Medical Center in Long Beach, CA named Albert Torres, 51, was sentenced to three years in jail for stealing the protected health information (PHI) of over 1,000 patients. Torres was a clerk in the Long Beach Health System-run medical center for under a year. On April 12, Torres was stopped by police officers who checked his license plate and found an anomaly. Allegedly, the plate was used on a private vehicle, even if it was reserved for a commercial vehicle.

The police officers discovered prescription drugs which Torres’ failed to show a prescription for. They also saw the Social Security numbers along with other PHI of 14 patients in his car. A subsequent search of Torres’ residence revealed hard drives containing the PHI of 1,030 patients and $1,000 worth of cleaning supplies that he stole from the hospital.

Torres pleaded guilty to a number of crimes, which include identity theft and grand theft and was sentenced to spend three years in jail on June 4.

Sutter Health Fires Employees for Snooping on Medical Records

Sutter Health has fired employees for accessing the health records of patients without authorization. CBS 13 Sacramento noted that an unknown source had verified that Sutter Health dismissed two employees for snooping on the health records of Joseph DeAngelo, the suspected Golden State Killer.

Following the CBS 13 news report, Sutter Health spokesperson Gary Zavoral released an statement confirming action had been taken to address the unethical accessing of PHI, according to the Sacramento Business Journal. Although Zavoral did not say how many employees were terminated, nor the number of patients whose health records were compromised, he did confirm that employees had been fired over the privacy violations.

Sutter Health has technology in place that triggers alerts when personnel access health records with no authorization. Any time unauthorized access is identified, it generally results in  termination. Besides firing the employees involved, Sutter Health has reminded all employees that accessing health records is only allowed if there’s a legitimate work reason for to do so.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Sutter Health has now notified the patient(s) whose privacy was violated by its employees.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/