Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 4, 2013. Also cited in 132 other reports.
Report ID: PSETS0000087565, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
Resident Physician in the Eye Clinic reported that he had taken home patient information last night after performing a surgical case in the OR which he placed in his back pack and left locked in his vehicle. The Resident identified this morning his car had been broken into the night before and the backpack had been stolen out of the car with the patient information. After further review it was determined that the Resident had in his possession the Resident surgery schedule for the week containing the patients' name, SSN, scheduled procedure, pre-op clearance status and surgical implant being used for nine patients on the list. The Resident also had a surgical worksheet for six of the 9 patients containing the patients name, date of surgery, medical condition, past medical history, medications and the pre-op checklist. This resulted in an inappropriate disclosure of the Veterans' sensitive information contained on these paper documents as specified above. Update: 04/04/13:Nine Patients will be sent a letter offering credit protection services.05/22/13:This was determined to be HITECH reportable by VHA Privacy Office.
Outcome:
The Chief of Ophthalmology has reviewed with all of the residents the importance of protecting patient information. In addition, he asked each to sign a memo stating the following: 1) that the residents have reviewed with the Chief, the importance of protecting patient health information as well as information that specifically identifies patients, such as full name, social security number and date of birth; 2) that in particular, they understand that removal of information of the above type from the VA Medical Center is against policy, unless written authorization is obtained first and; 3) that they will not remove patient health records or patient identifiable information (Full name, SS, DOB) from the VA Medical Center without first obtaining written authorization.