Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 13, 2012. Also cited in 132 other reports.
Report ID: SPE000000070719, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
A Regional EEO Manager from the Office of Resolution Management (ORM) contacted the Syracuse VA Privacy Officer to report that an employee from the medical center had faxed sensitive patient information to the EEO Counselor at ORM with other documentation to add a new claim to a current EEO complaint the employee had filed with their office. The Regional EEO Manager reported that the sensitive patient information was a copy of the patient's doctor's orders printed from the medical record and contained the patient's name, social security number, a brief diagnosis and treatment information. After review and discussion with the local EEO Coordinator, it was confirmed that the employee had inappropriately accessed the patient's medical record to print and send this information to ORM. In addition, it was confirmed that, per VA policy, ORM typically does not have a need to know specific patient information and, if determined as needed, it would be requested through the EEO Coordinator, who would remove the patient identifiers prior to sending. The issue has been reported to the EEO Coordinator and the Business Office Manager, the employee's supervisor, for corrective action with the employee.
Update:
01/17/12: The patient will receive a letter offering credit protection services.
01/31/12: An appeal was filed. The DBCT reviewed and granted the appeal based on the evidence submitted that states the patient is deceased. A next of kin letter will be sent.
Outcome:
The Privacy Officer retrieved the copies of the patient's medical records from the VA ORM to ensure proper destruction. The Business Office Manager re-educated the employee about required privacy practices in reference to patient record access and disclosure in order to prevent future occurrences. The Business Office Manager has also issued a request for disciplinary action to Human Resources in response to this privacy violation.