Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 1, 2011. Also cited in 225 other reports.
Report ID: SPE000000060341, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Decatur, GA
Issue:
A patient states he was seen and diagnosed by a previous provider who worked for a private hospital previous to current VA employment. Patient states he lodged a legal suit against another private sector provider years later. Patient contacted the previous provider to ask for assistance in his legal suit but the provider did not remember the patient. The patient states his attorney subpoenaed the previous provider to do a deposition. Patient states in the deposition the previous provider stated he now works for the VA and that he accessed the patients medical record and gave that health information to the private sector provider whom the patient is in litigation with. PO has not seen the deposition as patient would not show it to me. Patient has filed OCR. Patients record not marked sensitive. Investigation to continue. Update: 12/29/11:Provider reviewed patients CPRS records without authorization or need to know and discussed with outside/privacy attorneys through his court deposition. Therefore Patient A will receive a letter offering credit protection services.
Outcome:
Provider was required to retake Privacy and HIPAA training, VA Information Security trng. Patient record marked sensitive. Memo to HR and Service with recommendations. Redacted CRM Ltr uploaded and mailed today.