Pennsylvania VA inadvertently exposes 1,000 patients' health information

Julie Spitzer - Print  | 

An employee at Lebanon (Pa.) VA Medical Center emailed a veteran's family member a document that contained the protected health information of up to 1,002 of elderly patients, the hospital told HIPAA Journal.

The staff member had intended to send the family member a document that listed all nursing homes that work with the U.S. Department of Veteran Affairs. Instead, the medical center employee inadvertently emailed the individual a historical list of nursing home residents, constituting a violation of HIPAA.

The list included veterans' names, abbreviated Social Security numbers, nursing home where they had been admitted, diagnoses and service-connection disability rating percentages.

The incident, which occurred in November 2018, was an isolated error. The medical center has since taken steps to reduce the likelihood of a similar issue occuring in the future, including encrypting files that contain historical information, according to HIPAA Journal.

"Lebanon VA Medical Center and our employees take our responsibility to protect patient information very seriously," Lebanon VA Privacy Officer Tonya Hromco told HIPAA Journal. "Along with assistance from national offices, we immediately investigated this inadvertent, unauthorized release of information."

Affected individuals and family members of deceased patients have been mailed notification letters about the privacy breach.

More articles on cybersecurity:

Apple CEO to Congress: It's time to step in, protect our privacy
7 tips for healthcare organizations to avoid falling victim to phishing attacks
HITRUST updates program for HIPAA, HITECH compliance assessments

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.