Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Phoenix VA Health Care System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 15, 2014. Also cited in 102 other reports.
Report ID: PSETS0000099204, U.S. Department of Veterans Affairs
Reported Entity: PHOENIX AZ - 644
Issue:
Today, 01/15/14, VA employee provided the Privacy Officer (PO) with a copy of her Sensitive Patient Access Report (SPAR) indicating that her chart information was accessed without her authorization or a business need to know. She identified four (4) staff members whose access into her medical record or VISTA was questionable. Staff provided a written complaint to initiate privacy investigation. The period of time chart was accessed dated from April 2011 to October 2013. Additional notification and investigation, to ensue.
Outcome:
02/04/14: The Supervisor confirmed the SPAR was his/hers. The PO provided a partial SPAR with request to indicate business reason for chart access by her employee. 03/04/14: The PO sent a summary to supervisors and Human Resources (HR) yesterday of her findings that out of 5 staff whose access was questioned, there were 3 instances of equivocal need or no need to access the chart. Other findings showed that 2 other staff had appropriately accessed the chart for their job performance: OIT routine running of mid-night reports (similarly named individual) and VA Police Officer who ticketed the complaintant (accessed patient inquiry only on this date). Other individuals were sent to supervisor for root cause and corrective actions. Ticket status previously changed to Incident. 03/19/14: The employee will recieve a HIPAA letter of notification.