Investigation reveals Veterans Administration privacy breaches
HIM-HIPAA Insider, October 21, 2013
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
by Jaclyn Fitzgerald, Associate editor
Veterans Administration (VA) employees or contractors are responsible for 14,215 HIPAA privacy violations at 167 facilities from 2010 to May 31, 2013, according to a recent Pittsburgh Tribune-Review investigation. The violations affected at least 101,018 veterans and 551 VA employees, the newspaper reported.
Reporters analyzed the VA Risk Management and Incident Response Resolution Team reports, which revealed a history of medical record snooping and the loss of sensitive data such as Social Security numbers. Since 2010, criminal investigators came across 11 instances of VA employees stealing veterans’ identities or prescriptions, according to the report.
The newspaper uncovered the following information during its investigation of records from 2010 to May 31, 2013:
- The VA reported one in every 365 privacy violations to the OIG.
- Providers violated the privacy of 2,856 veterans by illegally releasing patient information or failing to obtain patient consent for studies.
- The VA compromised the PHI of 16,183 veterans by failing to encrypt data on electronics that were lost or stolen.
- VA employees compromised the PHI of 836 veterans and two VA employees when they lost paperwork in restrooms.
- VA employees compromised the PHI of 1,118 veterans by faxing medical records to the wrong destination.
- The VA provided prescriptions or paperwork of 5,254 veterans to the wrong person. One in five of these incidents resulted in the disclosure of veterans’ birth dates, complete or partial Social Security numbers, or diagnoses.
Under the HIPAA omnibus rule, HHS can fine covered entities and business associates up to $1.5 million per HIPAA violation. However, no breach related to the VA has resulted in a monetary settlement, according to the Pittsburgh Tribune-Review.
A statement from VA officials said the agency is retraining employees to “achieve a culture change in which all VA employees understand the importance of protecting veteran information as part of their daily routine,” according to the Pittsburgh Tribune-Review.
The VA retrained employees for privacy violations 498 times in 2010, 1,134 times in 2011, and 1,387 times in 2012, Pittsburgh Tribune-Review reported.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- Q&A: Primary, principal, and secondary diagnoses
- Complications from immobility by body system
- Skills of effective case managers
- OB services: Coding inside and outside of the package
- Prevent dehydration with nursing interventions
- E-mailed
-
- Correctly bill ancillary bedside procedures in addition to the room rate
- The Cincinnati Pre-Hospital Stroke Scale
- Q: Will Medicare cover homecare services to residents of assisted living facilities (ALFs)?
- Q/A: Coding infusions to correct low potassium levels
- Q&A: Utilization Review Committee Membership
- Q&A: Bill blood administration the same way for inpatient and outpatient accounts
- OB services: Coding inside and outside of the package
- Know the medical gas cylinder storage requirements
- Intravenous therapy guidelines
- ICD-10-CM coma, stroke codes require more specific documentation
- Searched
-
- cold weather preparedness in hospital
- coding productivity
- Nursing home administrator
- 72 hour supervised fasting
- 5.If the ICD10CM replaces ICD9CM Volumes 1 and
- anesthesia code for 45331
- Dynaper
- evidencebased competency management INVALIDem
- How to prevent hospitalacquired pressure ulcersinj
- INFECTION CONTROL