Patient privacy violations were highest at Veterans Affairs and CVS Health based on the number of federal citations, according to a new report.
In response, VA said the agency “takes veteran privacy and the privacy of medical or health records very seriously.” But despite its “very” serious approach to patient privacy, VA tied CVS for the most privacy complaints that resulted in corrective action plans or “technical assistance” from US Department of Health and Human Services (HHS) from 2011 to 2014.
How can we continue to believe VA when it continues to have problems in protecting veteran privacy? Why is this always an issue for the agency; is it because of the sheer number of patients or is there something more going on?
PATIENT PRIVACY VIOLATIONS FOIA
ProPublica received the information through a Freedom of Information Act request covering the years between 2011 to 2014; the latter was the most recent year data on patient privacy violations was available.
In addition to the above citations, the nonprofit journalism organization also found:
- In 2014, HHS received more than 17,000 complaints, as well as tens of thousands of self-reported breaches of medical information.
- Some providers inadvertently, or in some cases deliberately, shared patients’ medical information without their permission.
- The top five categories of complaints in 2014 were impermissible uses and disclosures, safeguards, administrative safeguards, access and technical safeguards.
What do you want to bet VA beat out CVS in the “deliberately” sharing of patient data category?
Each year, VA says it “takes veteran privacy” very seriously. We are asked to trust the agency. Still, VA continues to receive these dubious citations each year.
Why is it still an issue?
WHY SO MANY VA PATIENT PRIVACY VIOLATIONS?
Is it possible that VA does take privacy seriously on a corporate level but repeatedly fails to follow through with the mission by holding violators accountable?
My best guess is that these persistent privacy problems have more to do with lower level medical professionals not following the law while higher-level executives refuse to hold them accountable.
Maybe this makes it a two-fer kind of betrayal of the public trust and why VA continues to top the charts in patient privacy violations.