Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 24, 2011. Also cited in 132 other reports.
Report ID: SPE000000066054, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
Privacy Officer identified during the course of the quarter 3 release of information audit that protected health information of 4 veterans was inappropriately disclosed when requested from a 3rd party requester and processed by the ROI clerks. The inappropriate disclosures involving all 4 veterans were due to the patient authorization not legally supporting the release of the information. Two of the releases involved inappropriate disclosures of 7332-protected information (substance abuse and HIV) . One was released to the patient's Non-VA provider and the other to Social Security/Disability without authorization from patient. The other 2 release were due to the authorizations not meeting the requirements of a HIPAA compliant authorization and were therefore invalid. This resulted in 2 occasions where the Veteran's PHI was inappropriately disclosed, one to the Veteran's insurance company and the other to the Veteran's son. Update: 08/24/11:Four (4) Veterans will be sent letters offering credit protection services.
Outcome:
Two of the clerks who were fairly new to release of information were re-educated on the proper procedure for screening of 7332-protected information reminded of the requirement to forward to the HIMS Supervisor for review and redaction once identified. The third clerk, who is a long standing release of information clerk, was disciplined in the form of a reprimand.