Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Great Lakes Health Care System (VISN 12)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on November 1, 2012. Also cited in 130 other reports.
Report ID: PSETS0000081865, U.S. Department of Veterans Affairs
Reported Entity: VISN 12 Madison, WI
Issue:
Veteran/Employee was hospitalized. Security audit shows other employees may have inappropriately accessed the employee's CPRS record. Investigation continuing to determine whether access was inappropriate or not. Update: 11/26/12:Investigation is ongoing due to staff schedules.12/03/12:The Veteran/Employee will receive a notifcation letter.
Outcome:
Per my comments below: Of the 11 staff who were interviewed, it appears 3 did not have a job related reason to access the Veteran's record. HR and the service chief are determining discipline for these individuals. Education has been provided to all the employees regarding appropriate record access. Additional training is being provided for all facility staff on need to know and minimum amount necessary. All staff interviewed had received Privacy training and showed an understanding of record access procedures and potential repercussions for violations. Is there any additional information that should be provided in order to complete the review for this ticket? Investigation is still on-going due to clinical staff schedules. 6 individuals have been interviewed, 3 will be completed when they return Nov. 13, 1 when the employee returns Nov 14, and the final one on Nov. 19 when he returns from leave. 11/21/2012 Of 11 staff interviewed, 3 appear to have no justification/job related reason to be in the record. All employees have been notified of proper handling of PHI/record access and potential repercussions. Additional awareness- policies and training will be communicated to all facility staff. Incident is being referred to the service chief, Human Resources, and the Director for additional review. 11/26/2012 All staff were current in privacy training and understood that they should access the record only if required by their job; however, staff do not always seem to understand just what that means. Education will be provided to clarify the difference between job requirements and curiosity.