Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 8, 2012. Also cited in 132 other reports.
Report ID: SPE000000078910, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
The Privacy Officer (PO) completed the Quarter 3, FY 12 Release of Information audit and identified personally identifiable information (PII) and protected health information (PHI) and 7332-protected information was released to outside third parties without proper authorization for 11 Veterans, resulting in privacy violations. The full SSN was inappropriately released on four out of the eleven Veterans to attorneys and insurance companies. 7332-protected information was inappropriately released on 6 out of the 11 veterans to include HIV results being sent to non-VA providers and substance abuse information being sent to insurance companies and attorneys without proper authorization. The Health Information Management Service (HIMS) Manager was notified of the privacy violations and will be taking corrective action through the disciplinary process with Human Resources (HR). Update: 08/08/12: All 11 had protected health information (PHI) released without a valid HIPAA-compliant authorization. Out of those 11, only 4 had full SSN released. Also, of the 11, six Veterans had 7332-protected information inappropriately disclosed in addition to other medical information due to an invalid authorizations. The other five whose information was inappropriately disclosed had no 7332-protected information in their medical record. The four Veterans whose full SSN was compromised will receive letters offering credit protection services. The other seven Veterans will receive HIPAA notification letters. 08/31/12: Additional information indicates that the full SSN was not compromised so all 11 Veterans will receive HIPAA notificaiton letters.
Outcome:
Results submitted to the HIMS Manager who reviewed and submitted a request ro HR for progressive disciplinary action due to previous violations and pending disciplinary action on file with the employees. Received confirmation that disciplinary action in the form of a suspension has already been issued to one clerk and the request for progressive disciplinary action for the second ROI clerk is pending. HIMS Supervisor reviewed errors/violations with the ROI clerks and re-educated them on requirements for a HIPAA compliant authorization and authorization requirements to release 7332-protected information.