Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Rocky Mountain Network (VISN 19)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 17, 2011. Also cited in 133 other reports.
Report ID: SPE000000067735, U.S. Department of Veterans Affairs
Reported Entity: VISN 19 Grand Junction, CO
Issue:
The Health Information Management Service (HIMS) Chief called the Information Security Officer (ISO) and asked the ISO to mark a patient record sensitive. The ISO marked the record. The HIMS chief called back and explained that she had just met with Veteran A who complained about his ex-wife knowing sensitive information from his VA medical record. The Veteran's ex-wife's sister works in Pharmacy, and the Veteran suspects that this employee viewed his record and disclosed sensitive information to Veteran's ex-wife. The Veteran told the HIMS chief that he had already filed a Privacy violation with Health and Human Services. Update: 10/24/11:The Privacy Officer is still investigating to see if an inappropriate access has taken place.11/17/11:After further investigation, the PO believes that employee did inappropriately disclose the information, but there is no hard evidence to prove it. To err on the side of caution, a letter of notification will be sent to the Veteran.
Outcome:
HIPAA/Privacy training was provided to all Pharmacy staff which addressed specific requirements and the expectations of 100% confidentiality of information obtained while on duty at this facility. Full investigation was completed and recommendation of administrative action provided to the Pharmacy Supervisors.