Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 6, 2012. Also cited in 328 other reports.
Report ID: SPE000000076407, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Louisville, KY
Issue:
A VA Nursing Secretary reported to an Administrative Assistant that a relative of the secretary asked her to look up a VA Patient who happens to be their mutual relative to find out what was wrong with him. The Secretary indicated that she needed experience in CPRS and that is why she was in CPRS, to refresh her memory. The Administrative Assistant told her this was a HIPAA violation and it was being reported as necessary. Update: 06/07/12: The employee did look up their relatives information without a duty related reason to do so. The relative will be sent a letter of notification.
Outcome:
The PO interviewed the Nursing Secretary with regard to accessing her cousin's medical records. She indicated that she did access the records. She stated that no one asked her to do so. She stated that she accessed these records to make sure she still remembered how to access a patient chart. She is applying for another position that requires use of CPRS. She has had previous experience with CPRS in another job. The PO indicated to the employee that this experience was sufficient for her to apply for the position. The employee completed Privacy and HIPAA training this FY-12. She was also able to explain clearly her understanding of the Privacy and HIPAA guidelines of accessing another person's record. This is an access and privacy violation as the employee did not have a need to know for the performance of her duties and that this is a relative of hers. The PO went over Privacy Fact Sheet, Vol. 09, No. 3- Use and/or Access of Protected Health and Individually Identifiable Information by VHA Employees. Specifically, the PO covered the information regarding employees accessing medical records of significant other or family members. The PO also indicated that this information was found in the Privacy Policy, Rules of Behavior and Facility Code of Conduct for Employees. The PO has prepared the fact finding and Summary of my findings and will submit to HR and the employee's supervisor for further remediation if necessary.