This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

Phoenix VA Health Care System

PHOENIX AZ - 644

Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 3, 2013. Also cited in 102 other reports.


Report ID: PSETS0000095476, U.S. Department of Veterans Affairs

Reported Entity: PHOENIX AZ - 644

Issue:

Today, 10/03/13, the Privacy Officer (PO) receives report from employee that clinical co-worker mentioned that she was accessing her sons electronic medical record. CPRS was open to the sons medical record during discussion. Clinical staff stated that they opened sons chart to see where his appointments were and what medications he was taking. The employee indicated that their functions do not provide services to males so she questioned the need to review a family members Veteran chart. Chart was not sensitized and 7332 information was noted in problem list. Upon report, the chart was sensitized by ISO. Additional notification and investigation, to ensue.

Outcome:

10/08/13: The PO discussed the case with the employee's Supervisor, who had been away from the office. She will address questions with her nurse to understand if she was accessing her son's chart, if her son is a Veteran receiving treatment here, and why she would access his chart. The PO explained that chart was sensitized last week. Additional investigation, pending. 10/14/13: The Supervisor and staff are working on a Report of Contact (ROC). The employee contacted PO to explain that she had her son's verbal consent and written consent to open his chart in this manner. The PO indicated this fact finding should be completed first. She said that her Supervisor requested that she contact PO to get her son's chart sensitized. The PO explained this had been addressed previously. Thanked staff for call and referred to Supervisor. The PO will follow up with Supervisor for ROC and additional investigation. 10/23/13: The Supervisor's fact finding and interviews indicates that one staff member reports a training use of the complainant's record. This was not cited earlier and the individual is a transfer from another department. This is questionable use and deemed to be an inappropriate access. Further follow up with Supervisor is in process to determine corrective actions. 10/24/13: The son will receive a HIPAA letter of notification.

Related Reports:

Do you believe your privacy has been violated? Here’s what you can do: