Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid-Atlantic Health Care Network (VISN 6)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 1, 2012. Also cited in 187 other reports.
Report ID: SPE000000074904, U.S. Department of Veterans Affairs
Reported Entity: VISN 06 Asheville, NC
Issue:
This incident was referred by VA Police. A complainant states that another employee may have accessed his medical records without authorization or need. Update: 05/01/12: Investigation. The possible improper access to his medical records by another employee in violation of policies etc. Incident alleged to occur almost a year ago and could involve more than one individual. Information may have been shared with 2 other employees. Spoke this date with complainant and he wanted to focus on events that may have occurred after January 1, 2012. The Privacy Officer (PO) has requested a SPAR sensitive patient access report from the ISO. Upon review of the information from the ISO, additional discussions will take place with complainant and interviews conducted if necessary. 05/15/12: There continue to be other allegations not of a privacy nature that involve VA Police. This investigation will be delayed due to police investigation. Sensite audit was completed and there are several instamces involving 3 potential subjects that need to be explained. 05/21/12: At least 2 additional interviews need to be conducted prior to making a determination if this is an event. One such interview is at a remote facility and will require coordination to complete. Additional interviews conducted. One more to be conducted in the next 48 hrs. This complaint is tied to an administrative fact finding on several non privacy issues and the fact finding being conducted at the request of the director is being done cuccurrent with this case. However, the fact finding has priority. Investigation is complete. This was a bonifide incident. The sensitive audit was reviewed with the complainant and several suspicious dates and access were discovered. All intervies have been conducted and 2 employees did violate privacy rules and directives. One employee committed 3 acts of improper access. A second employee did an improper disclosure by divulging confidential informationto another patient. A third employees was cleared of all counts. This investigation was difficult in that there was another fact finding investigation involving these subjects that were not privacy related and that case took presidence. The findings in this incident have been referred to theservice chief for administrative action.
Outcome:
Two subjects to receive administrative action. Documents sent to service chief.