Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 4, 2012. Also cited in 132 other reports.
Report ID: SPE000000075108, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
The Privacy Officer (PO) completed the second quarter Release of Information (ROI) audit for FY12 and identified a total of 16 inappropriate disclosures of Veterans' medical records to third parties due to invalid authorizations. Seven of the inappropriate disclosures included the release of 7332-protected information (drug/alcohol abuse and HIV). Nine of the inappropriate disclosures included the release of the patient's full SSN. The inappropriate disclosure of the 7332 protected information resulted from drug/alcohol abuse diagnoses or HIV results of Veterans being inappropriately released to their non-VA providers, attorneys, insurance companies and in one case a New York State agency. This was due to the authorizations not meeting HIPAA requirements or the 7332 protected information not being marked for release on the authorization form by the patient as required. All other inappropriate disclosures resulted from the release of protected health information (PHI) of Veterans to other third parties such as insurance companies, attorneys, and federal and state government offices pursuant to an invalid authorization resulting in privacy violations. Update: 05/07/12:Seven (7) Veterans will received notification letters due to 7332 information being released without authorization. Nine (9) Veterans will receive letters offering credit protection services due to full name and SSN being disclosed.
Outcome:
HIMS Manager reviewed the release of information errors that resulted in privacy violations with the clerks and re-educated them on the required procedures to follow to ensure a valid written authorization has been obtained prior to the release and that if requested, any 7332 information is specifically authorized by the patient. Errors reported to Human Resources who added to evidence file for current disciplinary action. Privacy Officer to monitor release of medical record requests by the ROI clerks on a quarterly basis to determine if improving.