Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 11, 2011. Also cited in 149 other reports.
Report ID: SPE000000065677, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 Marion, IL
Issue:
A Veteran reported that his behavioral health provider had submitted a physician's statement to his employer without proper authorization. The initial investigation reveals that the patient had an appointment on 07/27/11, during which it was determined that the Veteran should not report to work that evening. With the patient present, the provider called the employer to notify them that the Veteran was unable to work. The employer faxed a physician's statement request form for FMLA to the provider. The provider completed the form, which contained the patient's full name, full SSN, address, diagnosis, symptoms, lab data, and medication treatment information to the employer. This information was submitted to the employer after the Veteran left his appointment. On 08/10/11, the patient reported for his scheduled appointment, during which he was asked to complete an ROI form (10-5345) to cover the release of the information which occurred on 07/27/11. The ROI form that the Veteran completed was not a valid authorization, as it was only partially completed. After the patient left the appointment, the provider completed the portions of the form which were incomplete, which included the information released and expiration date. On 08/11/11, the Veteran reported the above findings. The ROI supervisor was able to recover the original ROI as well as the copy of the ROI which had been completed by the provider, and the physician's statement form. The Veteran is very upset that the information released to his employer will jeopardize his employment. Update: 08/12/11:The Veteran will receive a letter offering credit protection services.
Outcome:
Training and education regarding release of information procedures were provided to the staff member who completed the forms. Employee was reminded that a release must be in place prior to any information being released, unless in an emergency situation.