Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 16, 2012. Also cited in 132 other reports.
Report ID: SPE000000071889, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
The Privacy Officer (PO) completed the first quarter Release of Information (ROI) audit for FY12 and identified a total of 19 inappropriate disclosures of Veterans' medical records due to invalid authorizations. Six of the inappropriate disclosures included the release of 7332-protected information (drug/alcohol abuse and HIV). The inappropriate disclosure of the 7332 information resulted from drug/alcohol abuse regarding four Veterans being sent to their attorneys, in one case a correctional facility, and HIV results regarding two Veterans being sent to their non-VA provider without proper authorizations in place. All other inappropriate disclosures resulted from the release of protected health information (PHI) of Veterans to other third parties such as insurance companies, attorneys, and federal and state government offices pursuant to an invalid authorization resulting in privacy violations. Update: 02/17/12:After further investigation, one Veteran will be sent a HIPAA notification, and the other 18 will be offered credit protection services.
Outcome:
Chief of Health Information Management re-educated the ROI Clerks on the requirements of valid HIPAA-compliant authorization. In addition, these violations were reported to Human Resources and disciplinary action applied in the form of a reprimand to both ROI clerks due to this and previous violations.