recommended reading


VA Staffer Sent Hospital-wide Email About a Vet’s Suicide

Data dump; Insider attack; Unauthorized use of employer’s data

A Veterans Affairs Department employee might have broken patient privacy law when he circulated an email about a veteran’s suicide throughout a VA hospital, in response to bad press.

The death had been highlighted in a political ad by Rep. Kyrsten Sinema, D-Ariz.

“Glenn Costie, acting director of the Phoenix VA Healthcare System, sent the e-mail Sept. 4, defending the hospital's role in caring for Daniel Somers, an Iraq war veteran who took his own life last summer,” the Arizona Republic reports.  “Costie was responding to a re-election ad for Sinema that features the parents of Somers, praising her efforts to reform the VA and criticizing the hospital's treatment of Somers.”

A top VA official says Costie shouldn't have sent the message and that the department is investigating whether he violated privacy rules.

The veteran's parents were not notified that Costie planned to send a hospital-wide message about their son.

The Somerses wrote in an e-mail to The Republic that it’s “hard to believe that he actually referred to Daniel's personal medical records. It's very sad and so discouraging."

Costie wrote in the Sept. 4 message to employees that he wanted to "fill in some of the gaps of information from the ad," though he did not name Somers or Sinema. He then detailed the months and years that Somers was under VA care and the date of his suicide. Costie said reviews of Somers' VA health records found "no unusual variations in care."

Even if allegations of flawed care are published in the media, the provider is bound to silence about treatment by health privacy law obligations.

For example, providers are prohibited from sharing dates of care, unless they receive permission from patients or their representatives. They also must not release information that could be used to identify a patient, alone or in combination with other information — such as a campaign ad.

Pete Hegseth, head of Concerned Veterans of America, said "The VA hides behind privacy regulations when questioned by the press, and even uses them to silence whistleblowers, but then has no problem surreptitiously leaking the same information to undermine one of their critics when it serves their purposes.”


Healthcare and Public Health


September 17, 2014

reported by

Arizona Republic

number affected


location of breach

Arizona, United States



location of perpetrators

Arizona, United States

date breach occurred

September 04, 2014

date breach detected