Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Health Care Upstate New York (VISN 2)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 5, 2013. Also cited in 132 other reports.
Report ID: PSETS0000085471, U.S. Department of Veterans Affairs
Reported Entity: VISN 02 Syracuse, NY
Issue:
IT Specialist reported to the Privacy Officer that he found a Nursing End of Shift report on the ground of the off-site employee parking lot when leaving work for the day. He secured the information until bringing the report to the Privacy Officer who secured it in her office. The End of Shift report contained the full name, full SSN, admitting diagnosis, current problems, allergies, and vital signs of 18 veterans currently admitted to the Medicine inpatient unit of the hospital (6 South). The Privacy Officer discussed the incident with the Nurse Manager who reviewed the report and was able to identify the employee who had the report in her possession. The Nurse Manager stated that it is not uncommon for the nurses to place the report in their pocket to reference while working as needed. She expects that the nurse forgot to place the report in the shredding bin when leaving for the day and then dropped the report in the parking lot when going to her car. The Nurse Manager will re-educate the nurse that she is prohibited from taking any PHI/PII out of the building and to place the report in the shredding bin when leaving for the day. It is also recommended that the full SSN be truncated to the last 4 SSN or removed and replaced with the date of birth on the end of shift report to reduce the risk of compromise of patients' sensitive information if the report is dropped or lost. Update: 02/11/13:18 Veterans will receive letters offering credit protection services due to full names and full SSNs being exposed.
Outcome:
Nurse Manager re-educated all nursing staff of the requirement to place the End of Shift Nursing Note in the shredding bin at the end of the day to ensure it is properly secured and destroyed. Recommendation to remove the patient's SSN from the report submitted by the Privacy Officer to the Clinical Informatics Committee for further review to determine if this can be done in the electronic medical record.