Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on November 28, 2011. Also cited in 132 other reports.
Report ID: SPE000000069056, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
An employee from the Surgery Service accessed a veteran/employee's medical record and disclosed the veteran/employee's imaging test results to him that had been ordered by his Primary Care Provider. at the veteran/employee's request. After receiving the results, the patient then contacted his Primary Care Provider, stating that he had been told his x-ray results were critical and he needed to be seen by her right away. The PCP, concerned about who had accesed the Veteran's medical record to give him these results, notified the Administrative Officer who then contacted the Privacy Officer to conduct a sensitive record access review. After further review it was determined that a Certified Registered Nurse Anesthetist (CRNA) who knew the Veteran/Employee had accessed the medical record outside a need to know to do his job and therefore resulted in an information security and privacy policy violation. Update: 11/28/11:The employee will be sent a HIPAA notification letter since procedures were not followed correctly.
Outcome:
Employee educated on VA privacy requirements and that he should only be accessing a patient's medical record on need to know basis to do his job, not a coworker's patient record as a courtesy, even if the coworker asked him to as it is a privacy violation.