The staff member had intended to send the family member a document that listed all nursing homes that work with the U.S. Department of Veteran Affairs. Instead, the medical center employee inadvertently emailed the individual a historical list of nursing home residents, constituting a violation of HIPAA.
The list included veterans’ names, abbreviated Social Security numbers, nursing home where they had been admitted, diagnoses and service-connection disability rating percentages.
The incident, which occurred in November 2018, was an isolated error. The medical center has since taken steps to reduce the likelihood of a similar issue occuring in the future, including encrypting files that contain historical information, according to HIPAA Journal.
“Lebanon VA Medical Center and our employees take our responsibility to protect patient information very seriously,” Lebanon VA Privacy Officer Tonya Hromco told HIPAA Journal. “Along with assistance from national offices, we immediately investigated this inadvertent, unauthorized release of information.”
Affected individuals and family members of deceased patients have been mailed notification letters about the privacy breach.
More articles on cybersecurity:
Apple CEO to Congress: It’s time to step in, protect our privacy
7 tips for healthcare organizations to avoid falling victim to phishing attacks
HITRUST updates program for HIPAA, HITECH compliance assessments
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
