Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Midwest Health Care Network (VISN 23)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on September 1, 2011. Also cited in 183 other reports.
Report ID: SPE000000066329, U.S. Department of Veterans Affairs
Reported Entity: VISN 23 Iowa City, IA
Issue:
The Information Security Officers (ISO) were looking through the Sensitive Patient Access Report and came across an employee accessing a Veteran/employee's chart. The ISO gave the report to the Privacy Officer (PO). The PO will follow up with the employee who accessed the medical record to get a written response and authority for accessing the record. Employee admitted he looked at the record without a need to know. Update: 09/01/11:Veteran/Employee A will be sent a letter offering credit protection services.09/01/11:Update: SPE 66329 and 66330 involve the same patient, but two different employees accessed his record. The patient is deceased, therefore Veteran A Next of Kin will receive NOK notification.
Outcome:
Employee received a one day suspension.