Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Sierra Pacific Network (VISN 21)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 2, 2012. Also cited in 141 other reports.
Report ID: SPE000000074994, U.S. Department of Veterans Affairs
Reported Entity: VISN 21 San Francisco, CA
Issue:
An individual notified the Privacy Officer (PO) that several staff members were huddled around a monitor reviewing the medical record of a now deceased individual. Update: 05/07/12:The Veteran's Next of Kin will be sent a notification letter.07/31/12:An appeal was filed. The DBCT reviewed and denied the appeal as notification is required by law. Notification is still required.11/20/12:A reconsideration was requested. The DBCT reviewed and denied the reconsideration since the notification is required by law.
Outcome:
1. On 5/4/12, an email was sent to all employees reminding them of when employees may use or access individually-identifiable health information2. All staff who were asked why they accessed the patient's chart were re-educated that the official use of the EHR is treatment, payment and healthcare operation, and that all employees must only access or use the minimum inofrmation from VHA records necessary to fulfill or complete their official VA duties IAW VHA Handbook 1605.23. Disciplinary action (admonishments) were proposed for all employees who could not demonstrate that access was for official purpose (treatment, payment and/or health care operations).4. All employees who received proposed disciplinary action will be assigned TMS Course VA 10203 (VHA Privacy Course) for completion as soon as possible but no later than 1/31/13.