Substitute Notice for HIPAA Breach Notification

March 21, 2024

Workforce Member Accessed/Viewed Records

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires Valley Children’s Hospital to notify potentially affected individuals of improper disclosures of Protected Health Information (PHI).

On May 2, 2023, we were informed that a workforce member without proper authorization accessed limited patient protected health information. We were made aware of this incident when performing a proactive internal audit. We have no reason to believe that the information was further disclosed. The information was inappropriately accessed between June 2, 2022 and May 1, 2023.

An investigation was immediately initiated and the workforce member’s access to our system was removed.

The information viewed may have included patient clinical information, flowsheets and clinical notes. The information did not include bank account or credit/payment card information, Social Security or financial information.

Notification letters to individuals whose information was involved in this incident were mailed throughout May and June of 2023. This message constitutes substitute notice for a very limited group of individuals who we were unable reach directly. We sincerely regret this incident occurred and have taken appropriate measures to do everything that we reasonably can to prevent any similar incident in the future.

If you have any questions or believe you or your child may have been one of the individuals with an undeliverable address, please contact Valley Children’s Healthcare Privacy Office by calling this toll-free number - 1-833-910-2590 - Monday through Friday between 8:30 a.m. to 4:30 p.m. Pacific Time or emailing Privacy@valleychildrens.org.