Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 19, 2012. Also cited in 132 other reports.
Report ID: PSETS0000081390, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
A Business Office employee, who is also a patient, reported to her supervisor that she felt someone she knew who worked at the VA may have accessed her medical record. The employee had been sent to the emergency department for treatment one day while at work and her neighbor, who is also a nurse on 6 South, knew she had been in the emergency department. She was concerned he may have accessed her medical record to get this information. The supervisor brought the concern to the Privacy Officer who ran a sensitive record access report and identified that the nurse on 6 South, that is also the employee/Veteran's neighbor had accessed her medical record the day she was in the Emergency Department. After further questioning of the nurse and nurse supervisor, it was determined to be routine for the 6 South staff to check the orders on patients in the ER who have been assigned to 6 South in order to have the necessary equipment in the room and treatments ready for the patient. However, the Business office employee was never assigned to 6 South, nor admitted to the hospital, resulting in no justified need for the nurse to access the employee's medical record and thus a privacy violation. The Nurse Manager has discussed the issue with the nurse and will be completing a request for disciplinary action to submit to human resources for corrective action. Update: 10/19/12:Due to full SSN and medical information being accessed inappropriately, Employee/Patient A will be sent a letter offering credit protection services.
Outcome:
Nurse Manager on 6 South discussed the inappropriate access with the employee and reiterated that he cannot access an employee or patient's medical record outside a need to know to do his job. The employee confirmed understanding of this and stated it would never happen again. Request for disciplinary action in the form of a reprimand completed by Nurse Manager and submitted to HR for completion.