Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 3, 2013. Also cited in 132 other reports.
Report ID: PSETS0000087521, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
A Hospital-Based Home Care Provider notified the Privacy Officer (PO) that paper copies of a patient's external medical records were missing from his office. The provider reported that he had placed the records on top of his trash bin to set them aside so he could review later. He stated that the records were in his office Monday evening which he locked upon leaving for the day. He reported that when he came in Tuesday morning and went to review the records, he realized they were gone. He stated that he checked his shredding bin and the records were not there. He stated that he also contacted the Housekeeping Supervisor who stated that he should not have left the records on top of his trash bin as it could have been mistaken by the housekeeper as trash or fallen in the trash bin which was likely to have been retrieved by Housekeeping that evening when cleaning the offices on that floor after hours. The provider reported that he needed to review the external records to place orders for the patient and contacted the Contract Nursing Home the patient was staying at to get another copy of the records. He stated he received the information and forwarded it to the Orthopedic Clinic Secretary for a consultation referral. The Privacy Officer obtained a copy of the external records that were received from the nursing home and identified that they were from an non-VA hospital the patient had been treated at before being discharged to the nursing home for rehabilitation. The records included were the nursing home face sheet, DNR consent form and the nursing home history and physical. In addition the records included copies of the non-VA hospital's Admission Note, History and Physical, Labs, X-Rays, CT Scans, and discharge summary. This resulted in the inappropriate disposal of the patient's sensitive information such as the patient's name. DOB, full SSN, home address, home phone, diagnoses, procedures, medications, lab results, and imaging test results. The Privacy Officer advised the provider to avoid placing patient records near the trash, rather in the future to place flipped over or in a file on his desk or file cabinet to ensure reasonable safeguards are in place when the room is accessed by housekeeping at night. Update: 04/04/13: The Veteran will receive a letter offering credit protection services. 05/22/13: This was determined to be HITECH reportable by VHA Privacy Office.
Outcome:
The provider was notified that housekeeping does have keys to his office for the purpose of cleaning off hours to not interrupt patient care. In addition, the provider was educated to ensure all PHI/PII in his office is properly secured (not placed on top of shred bin or trash can) before leaving for the day so not accessible to housekeepers who do not have a need to know. Lastly, the provider was advised to ensure any PHI/PII is placed in the shredding bin when no longer needed. Provider confirmed understanding and stated he would change his proceeds to the required practice. Resolved.