WASHINGTON - The D.C. Department of Behavioral Health is finally responding after FOX 5 uncovered a case worker responsible for a massive security breach of patient information last month.
LaTonya Vaughter was employed by Inner City Family Services, a company contracted by the city. She also was found to have a criminal background that included two felony counts for grand larceny.
The District said the case worker underwent a background check, but admits there were flaws.
Back on January 17, college student Briana Jenkins contacted FOX 5 after she received a dozen confidential patient case files from Vaughter. Jenkins said she received the files on four days before after responding to job ad on Facebook. The files included names, social security numbers, medical records and more. Vaughter would later be fired after our report.
Nearly two weeks later, we interviewed Inner City Family Services patients Adrian Jordan and Gregory Miller. Both said they were unaware of the security breach until we told them about it. Miller said there were accounts under his name that he was unaware of and there were tickets for a car he doesn't own.
FOX 5 confronted Mayor Muriel Bowser Monday night about this, who told us an update would be coming from the Department of Behavioral Health director Dr. Tanya Royster. She finally talked to FOX 5 Tuesday evening.
According to Royster, Vaughter passed a background check because it was only performed in D.C. and the crimes she committed were in Virginia.
Contractors for the District are only instructed to perform background checks on prospective employees, but there is no policy in place about who performs the background check or how exhaustive it is.
"We will clarify how extensive that background check should be," Royster told FOX 5.
We also asked Royster why the city continues to do business with Inner City Family Services.
"Any time a provider closes, whether it's their choice or if something happens, a fire or something, we have to ensure that there is a safe transition of care," she said. "So you would not overnight close an agency. That would be dangerous. You need to have a process and a protocol. Our typical closure protocol is 90 days."
Dr. Royster did not give an apology for what happened to the 12 victims who may have had their personal information potentially exposed. But she said, "We certainly would not want this to happen to anyone."
Royster called the massive security breach unfortunate and the current policy does not require contractors to perform an exhaustive nationwide background check.
"Because things happen in the human world," said Royster. "We have a policy and Inner City Family Services followed that policy. This is one individual employee that they hired who went outside of the norm that you would expect of any healthcare provider."
The security breach is not the only issue plaguing Inner City Family Services. Patients have complained about the lack of care they are receiving. Royster said they have no evidence indicating problems, but ask patients to call their department about any issue.