Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 30, 2012. Also cited in 208 other reports.
Report ID: PSETS0000081753, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Spokane, WA
Issue:
A Veteran issued a complaint that a VA nurse contacted his old caregiver point of contact and disclosed health care appointment information. Update: 10/30/12:The Veteran entered into a caregiver certification program support agreement with caregiver A on 07/02/12. On 07/10/12, the Veteran requested that the new caregiver agreement be revoked.11/26/12:The Privacy Officer (PO) contacted the employee in question. The employee verified that the contact had indeed been made to the Veteran's ex-caregiver. The employee states that all other referenced phone numbers listed in Veteran's record were invalid. The employee was greatly concerned for the well being of the Veteran and contacted the ex-caregiver out of medical concern. The employee states the only verbal disclosure made was a request that the ex-caregiver let the Veteran know that they needed to call the VA to reschedule their appointment as soon as possible. No diagnosis or other protected health information (PHI) was disclosed.11/28/12:The employee, who is a Nurse, verbally disclosed the following on the phone: "if you do speak to [Veteran] please have him call VA to schedule a cardiac monitor if that is the [Veteran]'s wish". No other PHI was disclosed. No SSN, no DOB, and no diagnosis were discussed.11/29/12:The Veteran will receive a HIPAA letter of notification.
Outcome:
New contact information has been updated in Veterans record. Employee has been counseled. Notification letter completed.