Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 24, 2012. Also cited in 132 other reports.
Report ID: SPE000000076005, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
A Social Worker at the Behavioral Health Outpatient Clinic reported to the Privacy Officer that a client list that she had prepared for her VA supervisor was returned to her outside of the VA while working at her second job at the local justice center. The Social Worker stated that she had prepared a paper document of a client list that included patient full name, last 4 SSN, diagnosis (including substance abuse), and treatment plan as requested by her supervisor for further review. She stated that that after turning in the hard copy report, she was asked to prepare it electronically and resend it to her supervisor. She stated that she asked her supervisor for the paper report so she could recreate it as an electronic file but was told by the supervisor that he did not have it and that it may have been accidently thrown away. She stated that several days later, when working at the justice center one evening, a local police officer approached her with the client list document that she had previously turned into her supervisor. The client list had her name on it as the treating social worker and after determining that she was an employee at the justice center, the police officer turned it into her. She stated that she was asked by the police officer if her car had been broken into and she stated it had not. The police officer stated that he expected that a car that contained the VA patient information had been broken into to take valuables and then discarded as the documents were found left on the outside property of a nearby local church who reported it as a found property complaint to the police. After further investigation by the VA Police, it was determined that there were no reports on file with the local police regarding any car break-ins or theft by the Social Worker's supervisor. The issue was reported to medical center leadership, in addition to the medical center's Incident Response Team ( ISO, PO, Associate Director, Asst Chief of Police, Chief of Police and Public Affairs Officer) for further review and corrective action. The PO and ISO will be further investigating the incident by questioning the staff involved with the incident to determine the cause of the privacy/information security violation and provide recommendations for corrective action. Update: 05/25/12: Twenty-seven (27) Patients will be sent notification letters due to PHI being exposed.
Outcome:
Employee re-educated on the requirements to safeguard sensitive patient information and request for disciplinary submitted to Human Resources in the form of a reprimand by employee's supervisor.