Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 9, 2013. Also cited in 225 other reports.
Report ID: PSETS0000087714, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Birmingham, AL
Issue:
Incident Summary: Birmingham VA Medical Center (BVAMC) Research Compliance Officer (RCO) was notified by BVAMC RN, Research Coordinator, that a consult form and imaging of a BVAMC patient was released to the University of Alabama at Birmingham (UAB) without proper authorization. A surgical resident released the information to the BVAMC RN, Research Coordinator (pulled from CPRS) who then provided the consult form and imaging to UAB research employee (who is also a WOC with VA Research). The UAB research employee stated she had obtained consent/HIPAA authorization from the patient. However, this had not occurred. The RN, Research Coordinator stated the image (burned to a CD) and consult have been destroyed/shredded as part of UAB's required action. The RN, Research Coordinator provided training to the UAB Study team, UAB research employee, and residents involved in this UAB study (which is not a VA study) on the proper manner in which to refer VA patients to UAB for potential study participation and UAB consenting procedures. Update: 04/09/13: The patient will receive a HIPAA letter of notification. 05/08/13: This was determined to be non-HITECH reportable by VHA Privacy Office.
Outcome:
The Research Principal Investigator (PI) at The University of Alabama at Birmingham (UAB) was made aware of this incident. The Surgical resident at the Birmingham VA Medical Center (BVAMC) has been re-educated on the importance of protecting PHI, instructed not to give information to anyone without proper authorization, and required to re-take the HIPAA/Privacy Training, which he completed and provided a certification of completion on April 9, 2013. The UAB Vascular Surgery faculty and fellows at UAB were re-educated on the proper process of managing potential UAB research patients recruited from the VA. The UAB Research Coordinator/VA WOC who inappropriately obtained VA records was required to re-take a UAB, Research and VA HIPAA training and completed said training on April 8, 2013 and provided a certification of completion. UAB Human Resources was made aware of this incident and has documented a written warning letter that will be placed in the UAB's WOC research nurse permanent record. She has been informed that any other violation of UAB or VA policies may lead to further action(s).