VA Health Care Upstate New York (VISN 2)

Report ID: PSETS0000082892, U.S. Department of Veterans Affairs

Reported Entity: VISN 02 Syracuse, NY

Issue:

The Privacy Officer (PO) completed the Quarter 4, FY 12 Release of Information audit and identified personally identifiable information (PII), protected health information (PHI) and 7332-protected information that was released to outside third parties (insurance companies, attorneys, non-VA providers, and Veterans Service Officers) without the proper authorization for 18 Veterans, resulting in privacy violations. The full SSN was inappropriately released on eight out of the eighteen Veterans and the partial SSN released on one Veteran. 7332-protected information was inappropriately released on 6 out of the 18 veterans to include HIV results being sent to insurance companies, non-VA providers, and Veteran's Service Officers and substance abuse information being sent to insurance companies and attorneys without proper authorization. The Health Information Management Service (HIMS) Manager was notified of the privacy violations and will be taking corrective action through the disciplinary process with Human Resources (HR). Update: 12/03/12:The Veterans whose full SSN was disclosed (total of 8) will receive letters offering credit protection services. The remainder of the Veterans will receive notification letters.

Outcome:

ROI Supervisor notified the ROI clerks of their errors and provided education regarding the requirements to ensure an authorization is HIPPA compliant and allows for the release of 7332-protected information. The privacy violations identified through the ROI audit were also forwarded to Human Resources for further disciplinary action with the staff due to misconduct.