This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

VA Health Care Upstate New York (VISN 2)

VISN 02 Syracuse, NY

Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 20, 2011. Also cited in 132 other reports.


Report ID: SPE000000069833, U.S. Department of Veterans Affairs

Reported Entity: VISN 02 Syracuse, NY

Issue:

Veteran A contacted the Privacy Officer to report that he had received a CD from the Release of Information department with copies of his medical records and when reviewing the CD he found another file labeled with another patient's name. He stated that he opened the file to see what it was and discovered it was medical records regarding another patient, Veteran B. He closed the file and notified the Community Care Center (CCC) who advised him to return the CD to them so they could get it to the Privacy Officer for corrective action. He stated he then printed the file that contained his medical records and returned the CD to the CCC. Upon receipt of the CD, the Privacy Officer reviewed the records and determined that it contained over 300 pages of records on Veteran B which included his full name, full SSN, date of birth, address, medications, labs, progress notes, and 7332-protected information (HIV testing). The HIMS Manager and HIMS Supervisor were contacted who reviewed the incident further and determined that the Release of Information Clerk had not checked to confirm only Veteran A's information was downloaded to the CD before releasing as required per established protocol. In addition, the Privacy Officer discussed the incident with the CCC who reported that Veteran A contacted ROI to report he had received Veteran B's records in error and was told to destroy them but Veteran A was not comfortable doing this so reported it to the CCC who advised he return it to them. Notification regarding the inappropriate disclosure from ROI to the Privacy Officer or the HIMS Supervisor did not occur indicating training needed for the ROI clerks for reporting privacy incidents. The HIMS Supervisor will be re-educating the ROI clerk on the proper procedure for release of records on CD and reporting of inappropriate disclosures resulting in privacy violations. 
She will also be discussing the incident further with Human Resources for disciplinary action as necessary due to previous similar errors that have recently occurred. Update: 12/20/11: Veteran B will be sent a letter offering credit protection services due to full name and full SSN being exposed.

Outcome:

The HIMS Supervisor re-educated the ROI clerk on the proper procedure for release of records on CD and reporting of inappropriate disclosures resulting in privacy violations. She also submitted a request to Human Resources for disciplinary action due to previous similar errors by this employee.
