Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 24, 2011. Also cited in 132 other reports.
Report ID: SPE000000059974, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
On 03/24/11, it was determined that a Syracuse VA employee, who was not on duty at the time of access, entered her father's (an inpatient in the Intensive Care Unit (ICU), medical record. The employee entered this record to dispute a nursing order and had no authorization to do so. As a result of the Information Security Officer's (ISO) investigation, it was determined that access to this sensitive record was inappropriate, and the information has been sent to Human Resources for supervisory action. Update: 03/24/11:This is a policy violation, no data breach occurred.04/13/11:An appeals was filed. The DBCT reviewed and granted the appeal based on the evidence submitted that there is no way to know that the patient welcomed the family member's involvement and that all incidents involving inappropriate access should be handled the same way. Notification is now required.
Outcome:
Employee issued sanctions in the form of a reprimand per HR and Business Office Manager. She was also educated on the requirement to only access a patient's medical record based on a need to know to do her job and anything outside of that is considered a privacy violation.