Pennsylvania VA inadvertently exposes 1,000 patients' health information

Julie Spitzer -

An employee at Lebanon (Pa.) VA Medical Center emailed a veteran's family member a document that contained the protected health information of up to 1,002 of elderly patients, the hospital told HIPAA Journal.

The staff member had intended to send the family member a document that listed all nursing homes that work with the U.S. Department of Veteran Affairs. Instead, the medical center employee inadvertently emailed the individual a historical list of nursing home residents, constituting a violation of HIPAA.

The list included veterans' names, abbreviated Social Security numbers, nursing home where they had been admitted, diagnoses and service-connection disability rating percentages.

The incident, which occurred in November 2018, was an isolated error. The medical center has since taken steps to reduce the likelihood of a similar issue occuring in the future, including encrypting files that contain historical information, according to HIPAA Journal.

"Lebanon VA Medical Center and our employees take our responsibility to protect patient information very seriously," Lebanon VA Privacy Officer Tonya Hromco told HIPAA Journal. "Along with assistance from national offices, we immediately investigated this inadvertent, unauthorized release of information."

Affected individuals and family members of deceased patients have been mailed notification letters about the privacy breach.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.