Chat with us, powered by LiveChat

Privacy breaches In VA Health Records Wound Veterans

With HIPAA being enforced more stringently recently there have been a number of cases where health providers are facing HIPAA related fines or lawsuits. The most recent is none other than the U.S. Department of Veteran Affairs.

While some previous cases seemed unintentional or simple mistakes, according to a Pittsburgh Tribune-Review investigation there were widespread violations at the VA. The investigation stems from a former VA employee who claims the privacy of her medical records was abused.

The subsequent investigation found there were an astounding 14,215 violations that affected 101,018 veterans and 551 VA employees at 167 facilities since 2010. These violations included using patient information for fraudulent purposes, snooping through patient records and even sharing records publicly on social media as well as privately without patient consent. This sharing of records was both intentional and unintentional but nonetheless violates HIPAA provisions. There were even previously stolen computers and lack of encryption that led to problems concerning patient record privacy.

The list of violations and problems within the VA seem to be systemic. The investigation made a number of recommendations to fix the root causes of these problems but it remains to be seen how effective the VA’s efforts to do so will be in the future.

Without a doubt protecting the privacy of medical records should be paramount for any medical provider, even more so for the Veterans who’ve helped this country. A thorough HIPAA risk analysis and HIPAA compliance software solution can go a long way in preventing these types of systemic issues within the VA and helping other medical providers be HIPAA compliant.


  1. Way to go! I am so elated to see that the Department of Veteran Affairs is not above the law. I am a victim of a VA employee who used my individually unique identifier, without authorization, accessed my protected health information, used and disclosed that protected health information under false pretenses, stating that she had a letter from my doctor stating that I was HIV Positive. Laboratory tests have confirmed that I am not and have never been HIV Positive/or tested positive. I snatched the letter from the VA employee, read it, and pointed out to her that the letter was to inform me that results for a Chemistry and ESR were within normal limits. The VA employee seemed to become enraged at my challenge of her false dissemination and persisted to verbally disseminate that I was HIV Positive in an occupied ER waiting area. The VA Medical Center has refused to acknowledge the wrongdoing of the nurse (of course to ensure their non-liability) for this blatant hipaa violation. The Virginia Board of Nursing also refused to discipline the nurse citing “insufficient evidence.” However, I have the nurse’s fingerprints on the same data that she breached without authorizaiton, and maybe it is a good thing that the board of nursing did absolutely nothing with regard to her practice. She is going to need her license, to keep working, insurance, and money to pay for the legal case against her! This article made my day knowing that people will go up against the VA!

Speak Your Mind