Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 15, 2013. Also cited in 328 other reports.
Report ID: PSETS0000086829, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Nashville, TN
Issue:
On 03/14/13, Veteran A reported the following complaint to the Privacy Officer (Nashville Campus). From 09/05/12-10/10/12, Veteran A was admitted to 7A (Murfreesboro Campus). During this admission, Veteran A stated his Provider completed a Family Medical Leave Act (FLMA) form and submitted it to his employer, Social Security, without his permission. Veteran A stated the FMLA form contained his mental health diagnoses (some of which were based on erroneous information in CPRS). Update: 03/28/13:The Privacy Officer (PO) substantiated that the Provider and Social Worker had verbal permission to release the information to Social Security, but no written authorization. Veteran A will receive a HIPAA letter of notification.
Outcome:
4/4/13 - Upon investigation, the PO found: - On several occasions, the Veteran or his mother (NOK) approached the provider and social worker to request the FMLA form be completed and faxed to the employer (Social Security). Such actions imply the Veteran's full consent and knowledge. - The documentation, contained in the Veteran's medical records, substantiated he or his NOK requested the FMLA form be completed and faxed to the Veteran's employee. - The Provider included the Veteran in preparing the FMLA form - Although verbal consent was obtained, no written consent was obtained. The Chief, MHCL educated the provider and social worker regarding the appropriate process to release medical records outside TVHS. Chief, MHCL will work with HR to determine if additional action is required. HIPAA letter mailed. PO requests ticket be closed.