Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 7, 2012. Also cited in 208 other reports.
Report ID: PSETS0000083373, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Seattle, WA
Issue:
The Chief of Health Information Management Service (HIMS) asked one of his employees to look up the appointment schedule for one of his friends. The friend's brother was in the Chief of HIMS office and wanted to know when his brother's appointment was over. The Administrative Officer (AO) for HIMS confronted the Chief of HIMS and the employee who looked up the information as the access was unauthorized and was not part of their official duties as VA employees. The AO did inform the employee and the Chief of HIMS that they would be reporting this violation to the Privacy Officer. Update: 12/07/12:The Veteran will receive a HIPAA letter of notification.
Outcome:
Employee was required to retake privacy trainings and was counseled regarding federal laws pertaining to accessing medical records. Employee was also reminded that the HIPAA Privacy Rule is very clear about how information can be shared and under what circumstances. Employee understands that her actions were inappropriate for a VA employee. PO has not received any response from Leadership as to whether the supervisor was counseled. PO is closing this ticket.