Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 21, 2011. Also cited in 328 other reports.
Report ID: SPE000000064918, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Louisville, KY
Issue:
An employee who has filed a grievance against her Chief used medical records for evidence in her case. She took copies of medical records to the Union office to keep as evidence for her case. During one of the meetings, she was asked if she could provide a copy to all attending and she proceeded to provide a copy of a consult to everyone present. A Human Resources (HR) spokesperson gave it back stating that they probably shouldn't be taking a copy of patient information. Quickly, all copies were taken back. However, the Privacy Officer (PO) is uncertain at this point if the records that were given to the Union were kept by the Union or not. Update: 07/22/11:The employee involved is out of town until the week of 07/25/11. The PO will be able to gather more information when the employee returns.08/09/11:The PO stated that she is getting conflicting information in her interviews. The information given to the Union involves only one patient and included the patients name, full SSN, date of birth and diagnosis. The one patient will receive a letter offering credit protection services.
Outcome:
This case is completed. I have found that the MSA inappropriately disclosed information on the patient to employees who did not have a need to know in order to support her grievance case. I have provided a summary to HR to further remediate if needed.