Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 22, 2013. Also cited in 132 other reports.
Report ID: PSETS0000086047, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
The Privacy Officer (PO) completed the Quarter 1, FY 13 Release of Information audit and identified personally identifiable information (PII), protected health information (PHI) and 7332-protected information that was released to outside third parties (insurance companies, attorneys, non-VA providers, and Veterans Service Officers) without the proper authorization for 10 Veterans, resulting in privacy violations. The full SSN was inappropriately released on four out of the 10 Veterans. 7332-protected information was inappropriately released on 2 out of the 10 veterans to include the veterans diagnosis of alcoholism being sent to an insurance company and Veterans Service Officer without proper authorization. Lastly, for one veteran, his medical copay statement was released to his housing landlord without proper authorization. The Health Information Management Service (HIMS) Manager was notified of the privacy violations and will be taking corrective action by reviewing the errors with the ROI staff and re-educating them on the requirements of a HIPAA compliant authorization as well as how to properly screen for the presence of 7332-protected information. Update: 02/26/13:Two of the individuals' information was released only to HIPAA covered entities. Three individuals had information, including full SSNs, released to non-HIPAA covered entities and will be offered credit protection services. Five individuals had PHI released to non-HIPAA covered entities and will be sent HIPAA notification letters.
Outcome:
The Health Information Management Service (HIMS) Manager was reviewed the errors with the ROI staff and re-educated them on the requirements of a HIPAA compliant authorization as well as how to properly screen for the presence of 7332-protected information.