Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Eastern Colorado Health Care System(ECHCS)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 5, 2014. Also cited in 47 other reports.
Report ID: PSETS0000101247, U.S. Department of Veterans Affairs
Reported Entity: EASTERN COLORADO HCS - 554
Issue:
The Privacy Officer discovered that an employees supervisor had inappropriately accessed the employees electronic health record. The findings were referred to the assistant service chief and HR for action.
Outcome:
03/05/14: The employee requested an access log and inquired why their supervisor was in their record. The section where the two employees work is not a part of patient care. The supervisor is not involved in patient care and does not have a business need to access this employee's record based on their position title and job duties. The record fields accessed were appointment management and patient inquiry. It was not clear why the supervisor felt that they were justified in accessing the employee's records since no apparent business reason other than checking to see if the employee did have appointments scheduled when they requested time off. The findings were referred to Human Resources and the supervisor's supervisor for action. The employee will be sent a notification leter.